Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection

Medium

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack and data injection.

Description

The remote host is running a version of the Ximian Evolution email client that may be vulnerable to a Denial of Service attack or data injection. The Evolution mail client supports uuencoded content and decodes it automatically when a message is initially parsed. An attacker may be able to send a malformed message that will crash the mail client. Because Evolution automatically decodes uuencoded messages, the presence of the malformed message may cause a Denial of Service attack as the user will be unable to remove the message from her mailbox.

Solution

Upgrade to Evolution 1.2.3 or higher.