This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Alan Rad Pop of Secunia Research discovered the following two
vulnerabilities in Evolution:
Evolution did not properly validate timezone data when processing
iCalendar attachments. If a user disabled the Itip Formatter plugin
and viewed a crafted iCalendar attachment, an attacker could cause a
denial of service or potentially execute arbitrary code with the
user's privileges (CVE-2008-1108).
Evolution also did not properly validate the DESCRIPTION field when
processing iCalendar attachments. If a user were tricked into
accepting a crafted iCalendar attachment and replied to it from the
calendar window, an attacker could cause a denial of service or
potentially execute arbitrary code with the user's privileges
In addition, Matej Cepl found that Evolution did not properly validate
date fields when processing iCalendar attachments, which could lead to
a denial of service if the user viewed a crafted iCalendar attachment
with the Itip Formatter plugin disabled.
Mandriva Linux has the Itip Formatter plugin enabled by default.
The updated packages have been patched to prevent these issues.
Update the affected packages.
Risk factor: High / CVSS Base Score: 9.3