FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

evolution -- remote format string vulnerabilities

Affected packages
1.5 < evolution < 2.2.3_1

Details

VuXML ID e5afdf63-1746-11da-978e-0001020eed82
Discovery 2005-08-10
Entry 2005-08-27
Modified 2006-03-24

A SITIC Vulnerability Advisory reports:

Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code.

  1. The first format string bug occurs when viewing the full vCard data attached to an e-mail message.
  2. The second format string bug occurs when displaying contact data from remote LDAP servers.
  3. The third format string bug occurs when displaying task list data from remote servers.
  4. The fourth, and least serious, format string bug occurs when the user goes to the Calendars tab to save task list data that is vulnerable to problem 3 above. Other calendar entries that do not come from task lists are also affected.

References

Bugtraq ID 14532
CVE Name CVE-2005-2549
CVE Name CVE-2005-2550
URL http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html