ID CVE-2008-0072
Summary Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
References
Vulnerable Configurations
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • GNOME Evolution 2.12.3
    cpe:2.3:a:gnome:evolution:2.12.3
CVSS
Base: 6.8 (as of 06-03-2008 - 13:42)
Impact:
Exploitability:
CWE CWE-134
CAPEC
  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting characters. For example, in certain functions of the C programming language such as printf, the formatting character %s will print the contents of a memory location, expecting this location to identify a string, and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes, and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0177.NASL
    description From Red Hat Security Advisory 2008:0177 : Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67667
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67667
    title Oracle Linux 4 : evolution (ELSA-2008-0177)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0177.NASL
    description Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31424
    published 2008-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31424
    title CentOS 4 / 5 : evolution (CESA-2008:0177)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0178.NASL
    description Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue.
    last seen 2019-02-21
    modified 2016-05-26
    plugin id 63849
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63849
    title RHEL 4 : evolution (RHSA-2008:0178)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0177.NASL
    description Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 31389
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31389
    title RHEL 4 / 5 : evolution (RHSA-2008:0177)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_EVOLUTION-5086.NASL
    description This update of evolution fixes multiple format-string vulnerabilities that can occur while processing encrypted messages. (CVE-2008-0072)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 31453
    published 2008-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31453
    title SuSE 10 Security Update : evolution (ZYPP Patch Number 5086)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-2290.NASL
    description Ulf Harnhammar of Secunia Research discovered a format string flaw in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31374
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31374
    title Fedora 7 : evolution-2.10.3-8.fc7 (2008-2290)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-063.NASL
    description Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36634
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36634
    title Mandriva Linux Security Advisory : evolution (MDVSA-2008:063)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-583-1.NASL
    description Ulf Harnhammar discovered that Evolution did not correctly handle format strings when processing encrypted emails. A remote attacker could exploit this by sending a specially crafted email, resulting in arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 31405
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31405
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : evolution vulnerability (USN-583-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_EVOLUTION-5087.NASL
    description This update of evolution fixes multiple format-string vulnerabilities that can occur while processing encrypted messages. (CVE-2008-0072)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 31454
    published 2008-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31454
    title openSUSE 10 Security Update : evolution (evolution-5087)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1512.NASL
    description Ulf Harnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31359
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31359
    title Debian DSA-1512-1 : evolution - format string attack
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200803-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-200803-12 (Evolution: Format string vulnerability) Ulf Harnhammar from Secunia Research discovered a format string error in the emf_multipart_encrypted() function in the file mail/em-format.c when reading certain data (e.g. the 'Version:' field) from an encrypted e-mail. Impact : A remote attacker could entice a user to open a specially crafted encrypted e-mail, potentially resulting in the execution of arbitrary code with the privileges of the user running Evolution. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 31387
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31387
    title GLSA-200803-12 : Evolution: Format string vulnerability
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-2292.NASL
    description Ulf Harnhammar of Secunia Research discovered a format string flaw in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31375
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31375
    title Fedora 8 : evolution-2.12.3-3.fc8 (2008-2292)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080305_EVOLUTION_ON_SL4_X.NASL
    description A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60369
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60369
    title Scientific Linux Security Update : evolution on SL4.x, SL5.x i386/x86_64
oval via4
accepted 2013-04-29T04:07:53.767-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
family unix
id oval:org.mitre.oval:def:10701
status accepted
submitted 2010-07-09T03:56:16-04:00
title Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
version 24
redhat via4
advisories
  • bugzilla
    id 435759
    title CVE-2008-0072 Evolution format string flaw
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment evolution is earlier than 0:2.0.2-35.0.4.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080177002
          • comment evolution is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070353003
        • AND
          • comment evolution-devel is earlier than 0:2.0.2-35.0.4.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080177004
          • comment evolution-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070353005
        • AND
          • comment evolution28 is earlier than 0:2.8.0-53.el4_6.2
            oval oval:com.redhat.rhsa:tst:20080177006
          • comment evolution28 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080177007
        • AND
          • comment evolution28-devel is earlier than 0:2.8.0-53.el4_6.2
            oval oval:com.redhat.rhsa:tst:20080177008
          • comment evolution28-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080177009
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment evolution is earlier than 0:2.8.0-40.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080177011
          • comment evolution is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070158003
        • AND
          • comment evolution-devel is earlier than 0:2.8.0-40.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080177013
          • comment evolution-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070158005
    rhsa
    id RHSA-2008:0177
    released 2008-03-05
    severity Critical
    title RHSA-2008:0177: evolution security update (Critical)
  • rhsa
    id RHSA-2008:0178
rpms
  • evolution-0:2.0.2-35.0.4.el4_6.1
  • evolution-devel-0:2.0.2-35.0.4.el4_6.1
  • evolution28-0:2.8.0-53.el4_6.2
  • evolution28-devel-0:2.8.0-53.el4_6.2
  • evolution-0:2.8.0-40.el5_1.1
  • evolution-devel-0:2.8.0-40.el5_1.1
refmap via4
bid 28102
bugtraq 20080528 rPSA-2008-0105-1 evolution
cert-vn VU#512491
confirm
debian DSA-1512
fedora
  • FEDORA-2008-2290
  • FEDORA-2008-2292
gentoo GLSA-200803-12
mandriva MDVSA-2008:063
misc http://secunia.com/secunia_research/2008-8/advisory/
sectrack 1019540
secunia
  • 29057
  • 29163
  • 29210
  • 29244
  • 29258
  • 29264
  • 29317
  • 30437
  • 30491
suse SUSE-SA:2008:014
ubuntu USN-583-1
vupen ADV-2008-0768
xf evolution-emfmultipart-format-string(41011)
Last major update 07-03-2011 - 00:00
Published 05-03-2008 - 19:44
Last modified 15-10-2018 - 17:57