ID CVE-2007-3257
Summary Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
References
Vulnerable Configurations
  • GNOME Evolution 1.11
    cpe:2.3:a:gnome:evolution:1.11
CVSS
Base: 6.8 (as of 20-06-2007 - 09:21)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-475-1.NASL
    description Philip Van Hoof discovered that the IMAP client in Evolution did not correctly verify the SEQUENCE value. A malicious or spoofed server could exploit this to execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28076
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28076
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : evolution-data-server vulnerability (USN-475-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_EVOLUTION-DATA-SERVER-3826.NASL
    description A malicious IMAP server could execute code within evolution by sending a malformed response to a SEQUENCE command. (CVE-2007-3257)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29423
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29423
    title SuSE 10 Security Update : evolution-data-server (ZYPP Patch Number 3826)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-04 (Evolution: User-assisted remote execution of arbitrary code) The imap_rescan() function of the file camel-imap-folder.c does not properly sanitize the 'SEQUENCE' response sent by an IMAP server before being used to index arrays. Impact : A malicious or compromised IMAP server could trigger the vulnerability and execute arbitrary code with the permissions of the user running Evolution. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 27815
    published 2007-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27815
    title GLSA-200711-04 : Evolution: User-assisted remote execution of arbitrary code
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-136.NASL
    description A flaw in Evolution/evolution-data-server was found in how Evolution would process certain IMAP server messages. If a user were tricked into connecting to a malicious IMAP server, it was possible that arbitrary code could be executed with the privileges of the user using Evolution. Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25602
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25602
    title Mandrake Linux Security Advisory : evolution (MDKSA-2007:136)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0510.NASL
    description From Red Hat Security Advisory 2007:0510 : Updated evolution-data-server package that fixes a security bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The evolution-data-server package provides a unified backend for programs that work with contacts, tasks, and calendar information. A flaw was found in the way evolution-data-server processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running the evolution-data-server process. (CVE-2007-3257) All users of evolution-data-server should upgrade to these updated packages, which contain a backported patch which resolves this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67526
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67526
    title Oracle Linux 5 : evolution-data-server (ELSA-2007-0510)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B1B5C125230811DCB91A001921AB2FA4.NASL
    description Debian project reports : It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 25592
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25592
    title FreeBSD : evolution-data-server -- remote execution of arbitrary code vulnerability (b1b5c125-2308-11dc-b91a-001921ab2fa4)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200707-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200707-03 (Evolution: User-assisted remote execution of arbitrary code) The imap_rescan() function of the file camel-imap-folder.c does not properly sanitize the 'SEQUENCE' response sent by an IMAP server before being used to index arrays. Impact : A malicious or compromised IMAP server could trigger the vulnerability and execute arbitrary code with the permissions of the user running Evolution. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25661
    published 2007-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25661
    title GLSA-200707-03 : Evolution: User-assisted remote execution of arbitrary code
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0510.NASL
    description Updated evolution-data-server package that fixes a security bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The evolution-data-server package provides a unified backend for programs that work with contacts, tasks, and calendar information. A flaw was found in the way evolution-data-server processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running the evolution-data-server process. (CVE-2007-3257) All users of evolution-data-server should upgrade to these updated packages, which contain a backported patch which resolves this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25577
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25577
    title CentOS 5 : evolution-data-server (CESA-2007:0510)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1321.NASL
    description It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25615
    published 2007-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25615
    title Debian DSA-1321-1 : evolution-data-server - programming error
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0509.NASL
    description Updated evolution packages that fix a security bug are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A flaw was found in the way Evolution processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running evolution. (CVE-2007-3257) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25606
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25606
    title RHEL 3 / 4 : evolution (RHSA-2007:0509)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0509.NASL
    description Updated evolution packages that fix a security bug are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A flaw was found in the way Evolution processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running evolution. (CVE-2007-3257) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25576
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25576
    title CentOS 3 / 4 : evolution (CESA-2007:0509)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0510.NASL
    description Updated evolution-data-server package that fixes a security bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The evolution-data-server package provides a unified backend for programs that work with contacts, tasks, and calendar information. A flaw was found in the way evolution-data-server processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running the evolution-data-server process. (CVE-2007-3257) All users of evolution-data-server should upgrade to these updated packages, which contain a backported patch which resolves this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25607
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25607
    title RHEL 5 : evolution-data-server (RHSA-2007:0510)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_EVOLUTION-DATA-SERVER-3825.NASL
    description A malicious IMAP server could execute code within evolution by sending a malformed response to a SEQUENCE command. (CVE-2007-3257)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27211
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27211
    title openSUSE 10 Security Update : evolution-data-server (evolution-data-server-3825)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1325.NASL
    description Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1002 Ulf Harnhammar discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code. - CVE-2007-3257 It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25675
    published 2007-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25675
    title Debian DSA-1325-1 : evolution - several vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070625_EVOLUTION_ON_SL4_X.NASL
    description A flaw was found in the way Evolution processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running evolution. (CVE-2007-3257)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60213
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60213
    title Scientific Linux Security Update : evolution on SL4.x, SL3.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0509.NASL
    description From Red Hat Security Advisory 2007:0509 : Updated evolution packages that fix a security bug are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A flaw was found in the way Evolution processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running evolution. (CVE-2007-3257) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67525
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67525
    title Oracle Linux 3 / 4 : evolution (ELSA-2007-0509)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070625_EVOLUTION_ON_SL5_X.NASL
    description A flaw was found in the way evolution-data-server processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running the evolution-data-server process. (CVE-2007-3257) Evolution crushed in first-time wizard stage for timezones: Europe/Moscow, Europe/Volgograd, Asia/Irkutsk, Asia/Makassar, Asia/Ujung_Pandang, Asia/Ulaanbaatar, Asia/Ulan_Bator. This bug is a consequence of removing TZNAME tag from timezone ICS VCARDs.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60214
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60214
    title Scientific Linux Security Update : evolution on SL5.x i386/x86_64
oval via4
accepted 2013-04-29T04:15:32.632-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
family unix
id oval:org.mitre.oval:def:11724
status accepted
submitted 2010-07-09T03:56:16-04:00
title Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
version 24
redhat via4
advisories
  • bugzilla
    id 244277
    title CVE-2007-3257 evolution malicious server arbitrary code execution
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment evolution is earlier than 0:1.4.5-21.el3
            oval oval:com.redhat.rhsa:tst:20070509002
          • comment evolution is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070353003
        • AND
          • comment evolution-devel is earlier than 0:1.4.5-21.el3
            oval oval:com.redhat.rhsa:tst:20070509004
          • comment evolution-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070353005
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment evolution is earlier than 0:2.0.2-35.0.4.el4
            oval oval:com.redhat.rhsa:tst:20070509007
          • comment evolution is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070353003
        • AND
          • comment evolution-devel is earlier than 0:2.0.2-35.0.4.el4
            oval oval:com.redhat.rhsa:tst:20070509008
          • comment evolution-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070353005
    rhsa
    id RHSA-2007:0509
    released 2007-06-25
    severity Important
    title RHSA-2007:0509: evolution security update (Important)
  • bugzilla
    id 244277
    title CVE-2007-3257 evolution malicious server arbitrary code execution
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment evolution-data-server is earlier than 0:1.8.0-15.0.4.el5
          oval oval:com.redhat.rhsa:tst:20070510002
        • comment evolution-data-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070344003
      • AND
        • comment evolution-data-server-devel is earlier than 0:1.8.0-15.0.4.el5
          oval oval:com.redhat.rhsa:tst:20070510004
        • comment evolution-data-server-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070344005
    rhsa
    id RHSA-2007:0510
    released 2007-06-25
    severity Important
    title RHSA-2007:0510: evolution-data-server security update (Important)
rpms
  • evolution-0:1.4.5-21.el3
  • evolution-devel-0:1.4.5-21.el3
  • evolution-0:2.0.2-35.0.4.el4
  • evolution-devel-0:2.0.2-35.0.4.el4
  • evolution-data-server-0:1.8.0-15.0.4.el5
  • evolution-data-server-devel-0:1.8.0-15.0.4.el5
refmap via4
bid 24567
bugtraq 20070615 rPSA-2007-0122-1 evolution-data-server
debian
  • DSA-1321
  • DSA-1325
gentoo
  • GLSA-200707-03
  • GLSA-200711-04
mandriva MDKSA-2007:136
misc http://bugzilla.gnome.org/show_bug.cgi?id=447414
mlist [Evolution-hackers] 20070619 Evolution 2.11.4 , Evolution-Data-Server 1.11.4 , GtkHTML 3.15.4 and Evolution-Exchange 2.11.4 released
osvdb 37489
sectrack 1018284
secunia
  • 25765
  • 25766
  • 25774
  • 25777
  • 25793
  • 25798
  • 25843
  • 25880
  • 25894
  • 25906
  • 25958
  • 26083
sgi 20070602-01-P
suse
  • SUSE-SA:2007:042
  • SUSE-SR:2007:014
ubuntu USN-475-1
vupen ADV-2007-2282
xf gnome-imaprescan-code-execution(34964)
Last major update 30-10-2012 - 22:38
Published 19-06-2007 - 12:30
Last modified 16-10-2018 - 12:48
Back to Top