Red Hat Customer Portal

CVE-2008-0072

Impact: Critical
Public Date: 2008-03-05
Bugzilla: 435759: CVE-2008-0072 Evolution format string flaw

The MITRE CVE dictionary describes this issue as:

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

Find out more about CVE-2008-0072 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 6.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 4 (evolution28) | RHSA-2008:0177 | 2008-03-05
Red Hat Enterprise Linux 5 (evolution) | RHSA-2008:0177 | 2008-03-05
Red Hat Enterprise Linux Extended Update Support 4.5 (evolution) | RHSA-2008:0178 | 2008-03-05
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (evolution) | RHSA-2008:0177 | 2008-03-05

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux version 4 | evolution 2.0.2-35.0.4.el4_6.1 | Fixed
Red Hat Enterprise Linux version 4 | evolution28 2.8.0-53.el4_6.2 | Fixed

Acknowledgements

Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding and reporting this issue.