Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection
Medium Nessus Network Monitor Plugin ID 1307
SynopsisThe remote host is vulnerable to a Denial of Service (DoS) attack and data injection.
DescriptionThe remote host is running a version of the Ximian Evolution email client that may be vulnerable to a Denial of Service attack or data injection. The Evolution mail client supports uuencoded content and decodes it automatically when a message is initially parsed. An attacker may be able to send a malformed message that will crash the mail client. Because Evolution automatically decodes uuencoded messages, the presence of the malformed message may cause a Denial of Service attack as the user will be unable to remove the message from her mailbox.
SolutionUpgrade to Evolution 1.2.3 or higher.