Bugtraqmailing list archives

By Date

By Thread

[ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helper

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 200501-35- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -http://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  Severity: High     Title: Evolution: Integer overflow in camel-lock-helper      Date: January 24, 2005      Bugs: #79183        ID: 200501-35- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========An overflow in the camel-lock-helper application can be exploited by anattacker to execute arbitrary code with elevated privileges.Background==========Evolution is a GNOME groupware application similar to MicrosoftOutlook.Affected packages=================    -------------------------------------------------------------------     Package                /  Vulnerable  /                Unaffected    -------------------------------------------------------------------  1  mail-client/evolution      <= 2.0.2                   >= 2.0.2-r1Description===========Max Vozeler discovered an integer overflow in the camel-lock-helperapplication, which is installed as setgid mail by default.Impact======A local attacker could exploit this vulnerability to execute maliciouscode with the privileges of the 'mail' group. A remote attacker couldalso setup a malicious POP server to execute arbitrary code when anEvolution user connects to it.Workaround==========There is no known workaround at this time.Resolution==========All Evolution users should upgrade to the latest version:    # emerge --sync    # emerge --ask --oneshot --verbose    # ">=mail-client/evolution-2.0.2-r1"References==========  [ 1 ] CAN-2005-0102http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0102Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website:http://security.gentoo.org/glsa/glsa-200501-35.xmlConcerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users machines is of utmostimportance to us. Any security concerns should be addressed tosecurity () gentoo org or alternatively, you may file a bug athttp://bugs.gentoo.org.License=======Copyright 2005 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.http://creativecommons.org/licenses/by-sa/2.0

Attachment:_bin
Description:

By Date

By Thread

Current thread:

• [ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helperLuke Macken (Jan 24)