FreeBSD Local Security Checks : FreeBSD Ports: evolution

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55177

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: evolution

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: evolution

CVE-2005-2549
Multiple format string vulnerabilities in Evolution 1.5 through
2.3.6.1 allow remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via (1) full vCard data, (2)
contact data from remote LDAP servers, or (3) task list data from
remote servers.

CVE-2005-2550
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the calendar entries such as task lists,
which are not properly handled when the user selects the Calendars
tab.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-2549
14532
http://www.securityfocus.com/bid/14532
16394
http://secunia.com/advisories/16394
19380
http://secunia.com/advisories/19380
20050810 Evolution multiple remote format string bugs
http://marc.info/?l=full-disclosure&m=112368237712032&w=2
http://www.securityfocus.com/archive/1/407789
DSA-1016
http://www.debian.org/security/2006/dsa-1016
FEDORA-2005-743
http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
MDKSA-2005:141
http://www.mandriva.com/security/advisories?name=MDKSA-2005:141
RHSA-2005:267
http://www.redhat.com/support/errata/RHSA-2005-267.html
SUSE-SA:2005:054
http://www.novell.com/linux/security/advisories/2005_54_evolution.html
USN-166-1
https://usn.ubuntu.com/166-1/
http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
oval:org.mitre.oval:def:9553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553
Common Vulnerability Exposure (CVE) ID: CVE-2005-2550
oval:org.mitre.oval:def:10880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10880

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55177
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: evolution
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: evolution CVE-2005-2549 Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. CVE-2005-2550 Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2549 14532 http://www.securityfocus.com/bid/14532 16394 http://secunia.com/advisories/16394 19380 http://secunia.com/advisories/19380 20050810 Evolution multiple remote format string bugs http://marc.info/?l=full-disclosure&m=112368237712032&w=2 http://www.securityfocus.com/archive/1/407789 DSA-1016 http://www.debian.org/security/2006/dsa-1016 FEDORA-2005-743 http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html MDKSA-2005:141 http://www.mandriva.com/security/advisories?name=MDKSA-2005:141 RHSA-2005:267 http://www.redhat.com/support/errata/RHSA-2005-267.html SUSE-SA:2005:054 http://www.novell.com/linux/security/advisories/2005_54_evolution.html USN-166-1 https://usn.ubuntu.com/166-1/ http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html oval:org.mitre.oval:def:9553 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553 Common Vulnerability Exposure (CVE) ID: CVE-2005-2550 oval:org.mitre.oval:def:10880 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10880
Copyright	Copyright (C) 2008 E-Soft Inc.