Mandrake Linux Security Advisory : evolution (MDKSA-2005:024)
High Nessus Plugin ID 16290
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
Max Vozeler discovered an integer overflow in the camel-lock-helper application. This application is installed setgid mail by default. A local attacker could exploit this to execute malicious code with the privileges of the 'mail' group; likewise, a remote attacker could set up a malicious POP server to execute arbitrary code when an Evolution user connects to it.
The updated packages have been patched to prevent this problem.
Solution
Update the affected evolution, evolution-devel and/or evolution-pilot packages.