CVE-2005-2550

Properties

Published:
11.08.2005
Updated:
21.08.2010
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
gnome: evolution
gnome: evolution
gnome: evolution
gnome: evolution
gnome: evolution
gnome: evolution
gnome: evolution
gnome: evolution
gnome: evolution
gnome: evolution
gnome: evolution

Vulnerability description

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

References:

FULLDISC: http://marc.theaimsgroup.com/?l=full-disclosure&m=112368237712032&w=2
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10880
UBUNTU: http://www.ubuntulinux.org/support/documentation/usn/usn-166-1
MISC: http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
BID: http://www.securityfocus.com/bid/14532
BUGTRAQ: http://www.securityfocus.com/archive/1/407789
REDHAT: http://www.redhat.com/support/errata/RHSA-2005-267.html
FEDORA: http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
SUSE: http://www.novell.com/linux/security/advisories/2005_54_evolution.html
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDKSA-2005:141
DEBIAN: http://www.debian.org/security/2006/dsa-1016
SECUNIA: http://secunia.com/advisories/19380
SECUNIA: http://secunia.com/advisories/16394