Red Hat Local Security Checks : RedHat Security Advisory RHSA-2008:0515

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61067

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2008:0515

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2008:0515.

Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.

A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)

Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of text/calendar) to be displayed as part
of the e-mail message, is enabled by default.

A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long DESCRIPTION property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109).

The particular response required to trigger this vulnerability was as
follows:

1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calender the meeting was in.
4. Reply to the sender.

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.

All Evolution users should upgrade to these updated packages, which contain
backported patches which resolves these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0515.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1108
BugTraq ID: 29527
http://www.securityfocus.com/bid/29527
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html
http://security.gentoo.org/glsa/glsa-200806-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:111
http://secunia.com/secunia_research/2008-22/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471
http://www.redhat.com/support/errata/RHSA-2008-0514.html
http://www.redhat.com/support/errata/RHSA-2008-0515.html
http://www.redhat.com/support/errata/RHSA-2008-0516.html
http://www.redhat.com/support/errata/RHSA-2008-0517.html
http://www.securitytracker.com/id?1020169
http://secunia.com/advisories/30298
http://secunia.com/advisories/30527
http://secunia.com/advisories/30536
http://secunia.com/advisories/30564
http://secunia.com/advisories/30571
http://secunia.com/advisories/30702
http://secunia.com/advisories/30716
SuSE Security Announcement: SUSE-SA:2008:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html
http://www.ubuntu.com/usn/usn-615-1
http://www.vupen.com/english/advisories/2008/1732/references
XForce ISS Database: evolution-icalendar-bo(42824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42824
Common Vulnerability Exposure (CVE) ID: CVE-2008-1109
http://secunia.com/secunia_research/2008-23/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337
http://www.securitytracker.com/id?1020170
XForce ISS Database: evolution-icalendar-description-bo(42826)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42826

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61067
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0515
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0515. Evolution is the integrated collection of e-mail, calendaring, contact management, communications and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108) Note: the Itip Formatter plug-in, which allows calendar information (attachments with a MIME type of text/calendar) to be displayed as part of the e-mail message, is enabled by default. A heap-based buffer overflow flaw was found in the way Evolution parsed iCalendar attachments with an overly long DESCRIPTION property string. If a user responded to a carefully crafted iCalendar attachment in a particular way, arbitrary code could be executed as the user running Evolution. (CVE-2008-1109). The particular response required to trigger this vulnerability was as follows: 1. Receive the carefully crafted iCalendar attachment. 2. Accept the associated meeting. 3. Open the calender the meeting was in. 4. Reply to the sender. Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing these issues. All Evolution users should upgrade to these updated packages, which contain backported patches which resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0515.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1108 BugTraq ID: 29527 http://www.securityfocus.com/bid/29527 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html http://security.gentoo.org/glsa/glsa-200806-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:111 http://secunia.com/secunia_research/2008-22/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471 http://www.redhat.com/support/errata/RHSA-2008-0514.html http://www.redhat.com/support/errata/RHSA-2008-0515.html http://www.redhat.com/support/errata/RHSA-2008-0516.html http://www.redhat.com/support/errata/RHSA-2008-0517.html http://www.securitytracker.com/id?1020169 http://secunia.com/advisories/30298 http://secunia.com/advisories/30527 http://secunia.com/advisories/30536 http://secunia.com/advisories/30564 http://secunia.com/advisories/30571 http://secunia.com/advisories/30702 http://secunia.com/advisories/30716 SuSE Security Announcement: SUSE-SA:2008:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html http://www.ubuntu.com/usn/usn-615-1 http://www.vupen.com/english/advisories/2008/1732/references XForce ISS Database: evolution-icalendar-bo(42824) https://exchange.xforce.ibmcloud.com/vulnerabilities/42824 Common Vulnerability Exposure (CVE) ID: CVE-2008-1109 http://secunia.com/secunia_research/2008-23/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337 http://www.securitytracker.com/id?1020170 XForce ISS Database: evolution-icalendar-description-bo(42826) https://exchange.xforce.ibmcloud.com/vulnerabilities/42826
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com