OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

evolution -- arbitrary code execution vulnerability

Affected packages
evolution < 1.2.4p0

Details

VuXML ID: 84dd64b0-72cc-11d9-a56c-00065bd5b0b6
Discovery: 2005-01-20
Entry: 2005-01-30

Martin Joey Schulze reports:

Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileges via a malicious POP server.

References

CVE Name: CAN-2005-0102
URL: http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&view=log#rev1.5.74.1