Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2007:070 (evolution)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58170

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2007:070 (evolution)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to evolution
announced via advisory MDKSA-2007:070.

A format string error in the write_html() function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially
crafted shared memo containing format specifiers.

Updated packages have been patched to address this issue.

Affected: 2007.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:070

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1002
BugTraq ID: 23073
http://www.securityfocus.com/bid/23073
Bugtraq: 20070321 Secunia Research: Evolution Shared Memo Categories Format StringVulnerability (Google Search)
http://www.securityfocus.com/archive/1/463406/100/0/threaded
Bugtraq: 20070405 FLEA-2007-0010-1: evolution (Google Search)
http://www.securityfocus.com/archive/1/464820/30/7170/threaded
Debian Security Information: DSA-1325 (Google Search)
http://www.debian.org/security/2007/dsa-1325
http://security.gentoo.org/glsa/glsa-200706-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:070
http://secunia.com/secunia_research/2007-44/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10100
RedHat Security Advisories: RHSA-2007:0158
https://rhn.redhat.com/errata/RHSA-2007-0158.html
http://www.securitytracker.com/id?1017808
http://secunia.com/advisories/24234
http://secunia.com/advisories/24651
http://secunia.com/advisories/24668
http://secunia.com/advisories/25102
http://secunia.com/advisories/25551
http://secunia.com/advisories/25880
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.ubuntu.com/usn/usn-442-1
http://www.vupen.com/english/advisories/2007/1058
XForce ISS Database: evolution-writehtml-format-string(33106)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33106

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58170
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:070 (evolution)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to evolution announced via advisory MDKSA-2007:070. A format string error in the write_html() function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers. Updated packages have been patched to address this issue. Affected: 2007.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:070 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1002 BugTraq ID: 23073 http://www.securityfocus.com/bid/23073 Bugtraq: 20070321 Secunia Research: Evolution Shared Memo Categories Format StringVulnerability (Google Search) http://www.securityfocus.com/archive/1/463406/100/0/threaded Bugtraq: 20070405 FLEA-2007-0010-1: evolution (Google Search) http://www.securityfocus.com/archive/1/464820/30/7170/threaded Debian Security Information: DSA-1325 (Google Search) http://www.debian.org/security/2007/dsa-1325 http://security.gentoo.org/glsa/glsa-200706-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:070 http://secunia.com/secunia_research/2007-44/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10100 RedHat Security Advisories: RHSA-2007:0158 https://rhn.redhat.com/errata/RHSA-2007-0158.html http://www.securitytracker.com/id?1017808 http://secunia.com/advisories/24234 http://secunia.com/advisories/24651 http://secunia.com/advisories/24668 http://secunia.com/advisories/25102 http://secunia.com/advisories/25551 http://secunia.com/advisories/25880 SuSE Security Announcement: SUSE-SR:2007:015 (Google Search) http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.ubuntu.com/usn/usn-442-1 http://www.vupen.com/english/advisories/2007/1058 XForce ISS Database: evolution-writehtml-format-string(33106) https://exchange.xforce.ibmcloud.com/vulnerabilities/33106
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com