Ubuntu Security Notice (C) 2005-2015 Canonical, Inc. / NASL script (C) 2006-2015 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Ulf Harnhammar disovered several format string vulnerabilities in
Evolution. By tricking an user into viewing a specially crafted vCard
attached to an email, specially crafted contact data from an LDAP
server, specially crafted task lists from remote servers, or saving
Calendar entries with this malicious task list data, it was possible
for an attacker to execute arbitrary code with the privileges of the
user running Evolution.
In addition, this update fixes a Denial of Service vulnerability in
the mail attachment parser. This could be exploited to crash Evolution
by tricking an user into opening a malicious email with a specially
crafted attachment file name. This does only affect the Ubuntu 4.10
version, the Evolution package shipped with Ubuntu 5.04 is not
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 20572 ()
Bugtraq ID: 14532
CVE ID: CVE-2005-0806
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.