Red Hat Customer Portal

CVE-2008-0072

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

Details Source

Mitre

Public Date

2008-03-05 00:00:00

Impact

Critical

Bugzilla

CVE-2008-0072 Evolution format string flaw

Bugzilla ID

435759

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Acknowledgements

Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding and reporting this issue.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 4 | RHSA-2008:0177 | 2008-03-05
Red Hat Enterprise Linux 5 (evolution) | RHSA-2008:0177 | 2008-03-05
Red Hat Enterprise Linux Extended Update Support 4.5 (evolution) | RHSA-2008:0178 | 2008-03-05
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (evolution) | RHSA-2008:0177 | 2008-03-05

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux version 4 | evolution 2.0.2-35.0.4.el4_6.1 | Fixed
Red Hat Enterprise Linux version 4 | evolution28 2.8.0-53.el4_6.2 | Fixed