Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:397

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52553

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:397

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:397.

Evolution is a GNOME-based collection of personal information management
(PIM) tools.

A bug was found in the way Evolution displays mail messages. It is possible
that an attacker could create a specially crafted mail message that when
opened by a victim causes Evolution to stop responding. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-0806 to this issue.

A bug was also found in Evolution's helper program camel-lock-helper. This
bug could allow a local attacker to gain root privileges if
camel-lock-helper has been built to execute with elevated privileges. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2005-0102 to this issue. On Red Hat Enterprise Linux,
camel-lock-helper is not built to execute with elevated privileges by
default. Please note however that if users have rebuilt Evolution from the
source RPM, as the root user, camel-lock-helper may be given elevated
privileges.

All users of evolution should upgrade to these updated packages, which
include backported fixes to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-397.html

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0102
BugTraq ID: 12354
http://www.securityfocus.com/bid/12354
Conectiva Linux advisory: CLA-2005:925
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000925
Debian Security Information: DSA-673 (Google Search)
http://www.debian.org/security/2005/dsa-673
http://security.gentoo.org/glsa/glsa-200501-35.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9616
http://www.redhat.com/support/errata/RHSA-2005-238.html
http://www.redhat.com/support/errata/RHSA-2005-397.html
http://securitytracker.com/id?1012981
http://secunia.com/advisories/13830
https://usn.ubuntu.com/69-1/
XForce ISS Database: evolution-camellockhelper-bo(19031)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19031
Common Vulnerability Exposure (CVE) ID: CVE-2005-0806
http://www.mandriva.com/security/advisories?name=MDKSA-2005:059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10532
https://usn.ubuntu.com/166-1/

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52553
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:397
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:397. Evolution is a GNOME-based collection of personal information management (PIM) tools. A bug was found in the way Evolution displays mail messages. It is possible that an attacker could create a specially crafted mail message that when opened by a victim causes Evolution to stop responding. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0806 to this issue. A bug was also found in Evolution's helper program camel-lock-helper. This bug could allow a local attacker to gain root privileges if camel-lock-helper has been built to execute with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0102 to this issue. On Red Hat Enterprise Linux, camel-lock-helper is not built to execute with elevated privileges by default. Please note however that if users have rebuilt Evolution from the source RPM, as the root user, camel-lock-helper may be given elevated privileges. All users of evolution should upgrade to these updated packages, which include backported fixes to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-397.html Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0102 BugTraq ID: 12354 http://www.securityfocus.com/bid/12354 Conectiva Linux advisory: CLA-2005:925 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000925 Debian Security Information: DSA-673 (Google Search) http://www.debian.org/security/2005/dsa-673 http://security.gentoo.org/glsa/glsa-200501-35.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9616 http://www.redhat.com/support/errata/RHSA-2005-238.html http://www.redhat.com/support/errata/RHSA-2005-397.html http://securitytracker.com/id?1012981 http://secunia.com/advisories/13830 https://usn.ubuntu.com/69-1/ XForce ISS Database: evolution-camellockhelper-bo(19031) https://exchange.xforce.ibmcloud.com/vulnerabilities/19031 Common Vulnerability Exposure (CVE) ID: CVE-2005-0806 http://www.mandriva.com/security/advisories?name=MDKSA-2005:059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10532 https://usn.ubuntu.com/166-1/
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com