Miembros de
Boletines de Vulnerabilidades |
Ejecución de código en Evolution Shared Memo |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | Evolution Shared Memo <= 2.8.2.1 |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en el formato de cadenas de caracteres en Evolution Shared Memo 2.8.2.1 y posiblemente en versiones anteriores. La vulnerabilidad reside en un error en la función "write_html()" en calendar/gui/e-cal-component-memo-preview.c. Un atacante remoto podría ejecutar código arbitrario mediante el formato especificado en las categorias en una zona de memoria compartida especialemente construida. |
|
Solución |
|
|
Actualización de software Mandriva Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/evolution-2.8.0-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/evolution-devel-2.8.0-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/evolution-mono-2.8.0-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/evolution-pilot-2.8.0-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/evolution-2.8.0-1.1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/evolution-2.8.0-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/evolution-devel-2.8.0-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/evolution-mono-2.8.0-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/evolution-pilot-2.8.0-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/evolution-2.8.0-1.1mdv2007.0.src.rpm Red Hat (RHSA-2007:0158-2) RHEL Desktop Workstation (v. 5 client) RHEL Optional Productivity Applications (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) https://rhn.redhat.com/ Debian Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.dsc http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.diff.gz http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch1_all.deb Alpha http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_alpha.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_alpha.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_alpha.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_alpha.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_alpha.deb AMD64 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_amd64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_amd64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_amd64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_amd64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_amd64.deb ARM http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_arm.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_arm.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_arm.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_arm.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_arm.deb HP Precision http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_hppa.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_hppa.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_hppa.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_hppa.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_i386.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_i386.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_i386.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_i386.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_ia64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_ia64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_ia64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_ia64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_ia64.deb Little endian MIPS http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_mipsel.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_mipsel.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_mipsel.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_mipsel.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_powerpc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_powerpc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_powerpc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_powerpc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_s390.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_s390.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_s390.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_s390.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_sparc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_sparc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_sparc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_sparc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_sparc.deb Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.dsc http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.diff.gz http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_alpha.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_alpha.deb AMD64 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_amd64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_amd64.deb ARM http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_arm.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_i386.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_ia64.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_ia64.deb Motorola 680x0 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_m68k.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_m68k.deb Little endian MIPS http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_mipsel.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_mipsel.deb IBM S/390 http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_s390.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_sparc.deb http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_sparc.deb Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2007-1002 |
| BID | |
Recursos adicionales |
|
|
Mandriva Security Advisory (MDKSA-2007:070) http://www.mandriva.com/security/advisories?name=MDKSA-2007:070 Red Hat Security Advisory (RHSA-2007:0158-2) https://rhn.redhat.com/errata/RHSA-2007-0158.html Debian Security Advisory (DSA 1325-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00086.html SUSE Security Summary Report (SUSE-SR:2007:015) http://www.novell.com/linux/security/advisories/2007_15_sr.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2007-03-28 |
| 1.1 | Aviso emitido por Red Hat (RHSA-2007:0158-2) | 2007-05-08 |
| 1.2 | Aviso emitido por Debian (DSA 1325-1) | 2007-07-03 |
| 1.3 | Aviso emitido por Suse (SUSE-SR:2007:015) | 2007-08-07 |