 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.51421 |
| Category: | Conectiva Local Security Checks |
| Title: | Conectiva Security Advisory CLA-2003:648 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory CLA-2003:648. Evolution is a Gnome-based personal information manager (PIM). It includes email, address book, calendar and other integrated features. Core Security Technologies found[1] several vulnerabilities in Evolution <= 1.2.2 and in the gtkhtml library (which is used by Evolution and other gnome programs to render basic HTML). These vulnerabilities can be exploited by remote attackers (using specially crafted e-mails) to crash evolution, cause general system instability through resource starvation or to bypass some security restrictions. The Common Vulnerabilities and Exposures (CVE) project has assigned the names CVE-2003-0128, CVE-2003-0129 and CVE-2003-0130 to the issues[2,3,4] discovered. In Conectiva Linux 7.0 and 8, Evolution is being upgraded to the 1.0.3 version with patches to fix the vulnerabilities. Note that in order to upgrade Evolution in Conectiva Linux 7.0, several packages had to be added (Gnome components necessary to run the 1.0.3 version of Evolution that were not distributed with Conectiva Linux 7.0). These packages are included in this update. The Evolution package distributed with Conectiva Linux 9 (evolution-1.2.2-28320cl) already has the fixes for its vulnerabilities [2,3]. For this version of Conectiva Linux, only the fix for the gtkhml vulnerability[4] is included. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0130 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:648 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 5.0 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0128 BugTraq ID: 7117 http://www.securityfocus.com/bid/7117 Bugtraq: 20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent (Google Search) http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html Bugtraq: 20030321 GLSA: evolution (200303-18) (Google Search) http://marc.info/?l=bugtraq&m=104826470527308&w=2 Conectiva Linux advisory: CLA-2003:648 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648 http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2003:045 http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A107 http://www.redhat.com/support/errata/RHSA-2003-108.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0129 BugTraq ID: 7118 http://www.securityfocus.com/bid/7118 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A108 Common Vulnerability Exposure (CVE) ID: CVE-2003-0130 BugTraq ID: 7119 http://www.securityfocus.com/bid/7119 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A111 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |