SuSE Update For Evolution,evolution-data-server SUSE-SA:2007:042 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

A malicious IMAP server could execute code within evolution by sending a malformed response to a SEQUENCE command. CVE-2007-3257 This requires the user to connect to this malicious server (or a DNS entry of a good one replaced pointed to a malicious one) For older products the problematic code lives in the evolution package, for newer ones in the evolution-data-server package.

Affected

evolution,evolution-data-server on SUSE LINUX 10.1, openSUSE 10.2, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1

References

http://www.novell.com/linux/security/advisories/2007_42_evolution.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3257
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SLES10: Security update for hal
SLES10: Security update for bind
SLES10: Security update for Mono
SLES10: Security update for mtr
SLES10: Security update for OpenSSL

SuSE Update for evolution,evolution-data-server SUSE-SA:2007:042

Take action and discover your vulnerabilities