Description:
The remote host is missing an update to evolution announced via advisory MDVSA-2008:111.
Alan Rad Pop of Secunia Research discovered the following two vulnerabilities in Evolution:
Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the Itip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges (CVE-2008-1108).
Evolution also did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges (CVE-2008-1109).
In addition, Matej Cepl found that Evolution did not properly validate date fields when processing iCalendar attachments, which could lead to a denial of service if the user viewed a crafted iCalendar attachment with the Itip Formatter plugin disabled.
Mandriva Linux has the Itip Formatter plugin enabled by default.
The updated packages have been patched to prevent these issues.
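To make the three problem areas the advisory names concrete (timezone identifiers, the DESCRIPTION field, and date fields in iCalendar attachments), here is an added mail-gateway triage routine in Python; it is not Evolution's code, and the length limits and the two sample attachments are assumptions constructed for this example.

```python
import re
from datetime import datetime

# Assumed limits for this example: the advisory states no sizes.
MAX_TZID_LEN = 128
MAX_DESCRIPTION_LEN = 4096
DATE_PROPS = {"DTSTART", "DTEND", "DTSTAMP", "DUE", "CREATED", "LAST-MODIFIED"}
DATE_RE = re.compile(r"^\d{8}(T\d{6}Z?)?$")

def valid_datetime(value):
    """True if value is an RFC 5545 DATE or DATE-TIME that actually exists."""
    if not DATE_RE.match(value):
        return False
    fmt = "%Y%m%dT%H%M%S" if "T" in value else "%Y%m%d"
    try:
        datetime.strptime(value.rstrip("Z"), fmt)  # rejects month 13, hour 25, ...
        return True
    except ValueError:
        return False

def check_ics(text):
    """Return a list of findings for an iCalendar body; empty means nothing suspicious."""
    findings = []
    text = re.sub(r"\r?\n[ \t]", "", text)  # unfold RFC 5545 continuation lines
    for line in text.splitlines():
        if ":" not in line:
            continue
        head, value = line.split(":", 1)
        name, _, params = head.partition(";")
        name = name.upper()
        tzid = value if name == "TZID" else None  # VTIMEZONE's own TZID property
        for param in params.split(";") if params else []:
            if param.upper().startswith("TZID="):  # TZID parameter on a date property
                tzid = param[5:].strip('"')
        if tzid is not None and len(tzid) > MAX_TZID_LEN:
            findings.append(f"{name}: timezone id of {len(tzid)} bytes")
        if name in DATE_PROPS and not valid_datetime(value):
            findings.append(f"{name}: malformed date/time {value!r}")
        if name == "DESCRIPTION" and len(value) > MAX_DESCRIPTION_LEN:
            findings.append(f"DESCRIPTION: {len(value)} bytes")
    return findings

# Constructed sample attachments (not real captures): one benign, one crafted.
GOOD_ICS = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nDTSTART;TZID=Europe/Paris:20080601T100000\r\n"
            "DESCRIPTION:Team meeting,\r\n  continued on a folded line\r\nEND:VEVENT\r\nEND:VCALENDAR")
BAD_ICS = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nDTSTART;TZID=" + "A" * 300 + ":20081399T250000\r\n"
           "DESCRIPTION:" + "B" * 5000 + "\r\nEND:VEVENT\r\nEND:VCALENDAR")
```

Running `check_ics` over the benign sample returns no findings, while the crafted sample yields one finding each for the oversized timezone id, the impossible date, and the oversized DESCRIPTION.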
Affected: 2008.0, 2008.1
Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:111
Risk factor: Critical
CVSS Score: 9.3