Vulnerabilities > CVE-2008-0072 - USE of Externally-Controlled Format String vulnerability in Gnome Evolution
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-583-1.NASL description Ulf Harnhammar discovered that Evolution did not correctly handle format strings when processing encrypted emails. A remote attacker could exploit this by sending a specially crafted email, resulting in arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31405 published 2008-03-07 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31405 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : evolution vulnerability (USN-583-1) NASL family SuSE Local Security Checks NASL id SUSE_EVOLUTION-5086.NASL description This update of evolution fixes multiple format-string vulnerabilities that can occur while processing encrypted messages. (CVE-2008-0072) last seen 2020-06-01 modified 2020-06-02 plugin id 31453 published 2008-03-13 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31453 title SuSE 10 Security Update : evolution (ZYPP Patch Number 5086) NASL family SuSE Local Security Checks NASL id SUSE_EVOLUTION-5087.NASL description This update of evolution fixes multiple format-string vulnerabilities that can occur while processing encrypted messages. (CVE-2008-0072) last seen 2020-06-01 modified 2020-06-02 plugin id 31454 published 2008-03-13 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31454 title openSUSE 10 Security Update : evolution (evolution-5087) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-063.NASL description Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36634 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36634 title Mandriva Linux Security Advisory : evolution (MDVSA-2008:063) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200803-12.NASL description The remote host is affected by the vulnerability described in GLSA-200803-12 (Evolution: Format string vulnerability) Ulf Harnhammar from Secunia Research discovered a format string error in the emf_multipart_encrypted() function in the file mail/em-format.c when reading certain data (e.g. the last seen 2020-06-01 modified 2020-06-02 plugin id 31387 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31387 title GLSA-200803-12 : Evolution: Format string vulnerability NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0177.NASL description From Red Hat Security Advisory 2008:0177 : Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67667 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67667 title Oracle Linux 4 : evolution (ELSA-2008-0177) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0177.NASL description Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 31424 published 2008-03-13 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31424 title CentOS 4 / 5 : evolution (CESA-2008:0177) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0177.NASL description Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 31389 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31389 title RHEL 4 / 5 : evolution (RHSA-2008:0177) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1512.NASL description Ulf Harnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible. last seen 2020-06-01 modified 2020-06-02 plugin id 31359 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31359 title Debian DSA-1512-1 : evolution - format string attack NASL family Fedora Local Security Checks NASL id FEDORA_2008-2290.NASL description Ulf Harnhammar of Secunia Research discovered a format string flaw in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31374 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31374 title Fedora 7 : evolution-2.10.3-8.fc7 (2008-2290) NASL family Scientific Linux Local Security Checks NASL id SL_20080305_EVOLUTION_ON_SL4_X.NASL description A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) last seen 2020-06-01 modified 2020-06-02 plugin id 60369 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60369 title Scientific Linux Security Update : evolution on SL4.x, SL5.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2008-2292.NASL description Ulf Harnhammar of Secunia Research discovered a format string flaw in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31375 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31375 title Fedora 8 : evolution-2.12.3-3.fc8 (2008-2292) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0178.NASL description Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 63849 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63849 title RHEL 4 : evolution (RHSA-2008:0178)
Oval
accepted | 2013-04-29T04:07:53.767-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | ||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:10701 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
title | Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | ||||||||||||||||||||||||
version | 27 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html
- http://secunia.com/advisories/29057
- http://secunia.com/advisories/29163
- http://secunia.com/advisories/29210
- http://secunia.com/advisories/29244
- http://secunia.com/advisories/29258
- http://secunia.com/advisories/29264
- http://secunia.com/advisories/29317
- http://secunia.com/advisories/30437
- http://secunia.com/advisories/30491
- http://secunia.com/secunia_research/2008-8/advisory/
- http://security.gentoo.org/glsa/glsa-200803-12.xml
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105
- http://www.debian.org/security/2008/dsa-1512
- http://www.kb.cert.org/vuls/id/512491
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:063
- http://www.redhat.com/support/errata/RHSA-2008-0177.html
- http://www.redhat.com/support/errata/RHSA-2008-0178.html
- http://www.securityfocus.com/archive/1/492684/100/0/threaded
- http://www.securityfocus.com/bid/28102
- http://www.securitytracker.com/id?1019540
- http://www.ubuntu.com/usn/usn-583-1
- http://www.vupen.com/english/advisories/2008/0768/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41011
- https://issues.rpath.com/browse/RPL-2310
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10701
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00190.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00195.html