CVE-2008-1108

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

Details Source

Mitre

Public Date

2008-06-04 00:00:00

Impact

Critical

Bugzilla

CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone specification

Bugzilla ID

448540

CVSS Status

verified

Base Score

7.50

Base Metrics

AV:N/AC:L/Au:N/C:P/I:P/A:P

Acknowledgements

Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux Extended Update Support 4.5 (evolution) | RHSA-2008:0517 | 2008-06-04
Red Hat Enterprise Linux 5 (evolution) | RHSA-2008:0514 | 2008-06-04
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (evolution) | RHSA-2008:0514 | 2008-06-04
Red Hat Enterprise Linux 4 (evolution28) | RHSA-2008:0515 | 2008-06-04
Red Hat Enterprise Linux 4 (evolution) | RHSA-2008:0516 | 2008-06-04
Red Hat Enterprise Linux 3 (evolution) | RHSA-2008:0516 | 2008-06-04

CWE

CWE-119