OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] [ GLSA 200707-03 ] Evolution: User-assisted remote execution of arbitrary code

From: Raphael Marichez (falcogentoo.org)
Date: Mon Jul 02 2007 - 16:30:11 CDT

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200707-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Evolution: User-assisted remote execution of arbitrary code
      Date: July 02, 2007
      Bugs: #182011
        ID: 200707-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The IMAP client of Evolution contains a vulnerability potentially
leading to the execution of arbitrary code.

Background
==========

Evolution is the mail client of the GNOME desktop environment. Camel is
the Evolution Data Server module that handles mail functions.

Affected packages
=================

    -------------------------------------------------------------------
     Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
  1 gnome-extra/evolution-data-server < 1.8.3-r5 >= 1.8.3-r5
                                                          *>= 1.6.2-r1

Description
===========

The imap_rescan() function of the file camel-imap-folder.c does not
properly sanitize the "SEQUENCE" response sent by an IMAP server before
being used to index arrays.

Impact
======

A malicious or compromised IMAP server could trigger the vulnerability
and execute arbitrary code with the permissions of the user running
Evolution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Evolution users should upgrade evolution-data-server to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "gnome-extra/evolution-data-server"

References
==========

  [ 1 ] CVE-2007-3257
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
securitygentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iQEVAwUBRoluYzvRww8BFPxFAQLplAf+K+vku0QbKoUmDPtn5qg+WSOQJAFnhbjc
+ugyAtgvml5aqT1qDaGra/N+8lM/hac+U9/Rkdkf9BH13PKP9oToufMMcyDTlo2s
qMIteMrFrQFOW+nXYYOlGnq34FjjeBK84d5ZmhebgRgoRtOGs5zR08c1S0uIyn8q
wymen7UkxnOVh+h/RLd7WgPNKeWTlLh4fNfO8kGNkbZ41g+ONHlnWoIWeLIHksk1
K/D3LgxVj0wnLaQggkfJo8Q3xaxpbCKrsrcMNyAVeMbP+rKvSoUyL3UKDPRtm+zk
wDUH/SnaWOPklFoj+ciBc2TirEB4slvfDw555wQieAvkB2o1O1UmhQ==
=oLHX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/