FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3257

This CVE name corresponds to:

Entered: 2007-06-25
Topic: evolution-data-server -- remote execution of arbitrary code vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-3257
Phase: Assigned (20070619)

Description

Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.

References

Source Reference
BUGTRAQ 20070615 rPSA-2007-0122-1 evolution-data-server
MLIST [Evolution-hackers] 20070619 Evolution 2.11.4 , Evolution-Data-Server 1.11.4 , GtkHTML 3.15.4 and Evolution-Exchange 2.11.4 released
MISC http://bugzilla.gnome.org/show_bug.cgi?id=447414
DEBIAN DSA-1321
DEBIAN DSA-1325
GENTOO GLSA-200707-03
GENTOO GLSA-200711-04
MANDRIVA MDKSA-2007:136
REDHAT RHSA-2007:0509
REDHAT RHSA-2007:0510
SGI 20070602-01-P
SUSE SUSE-SA:2007:042
SUSE SUSE-SR:2007:014
UBUNTU USN-475-1
BID 24567
OSVDB 37489
OVAL oval:org.mitre.oval:def:11724
VUPEN ADV-2007-2282
SECTRACK 1018284
SECUNIA 25766
SECUNIA 25765
SECUNIA 25774
SECUNIA 25798
SECUNIA 25777
SECUNIA 25793
SECUNIA 25843
SECUNIA 25894
SECUNIA 25906
SECUNIA 25880
SECUNIA 25958
SECUNIA 26083
XF gnome-imaprescan-code-execution(34964)