icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection

Medium

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack and data injection.

Description

The remote host is running a version of the Ximian Evolution email client that may be vulnerable to a Denial of Service attack or data injection. The Evolution mail client supports uuencoded content and decodes it automatically when a message is initially parsed. An attacker may be able to send a malformed message that will crash the mail client. Because Evolution automatically decodes uuencoded messages, the presence of the malformed message may cause a Denial of Service attack as the user will be unable to remove the message from her mailbox.

Solution

Upgrade to Evolution 1.2.3 or higher.