[TriLUG] Multiple vulnerabilities identified in Evolution MUA
Mike Broome
mbroome at employees.org
Thu Mar 20 10:57:59 EST 2003
Three vulnerabilities in Evolution have been found:
* transparent decoding of uuencoded attachments; by including a
  specially crafted UUE header as part of an otherwise perfectly normal
  email an attacker has the ability to crash Evolution as soon as the
  mail is parsed
* resource starvation (exhausting memory) when processing uuencoded
  mail content multiple times
* with a specially crafted MIME Content-ID header as part of an image/*
  MIME part, it is possible to include arbitrary data, including HTML
  tags, into the stream that is passed to GTKHtml for rendering
Here's the link to the full advisory:
http://www.securityfocus.com/advisories/5134
Mike
--
Mike Broome
mbroome(at)employees.org
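
As an added example (not part of the original post, and not Evolution's code or its actual fix), the Content-ID item above comes down to a header value reaching an HTML stream unescaped. The sketch assumes the mail client builds an `<img src="cid:...">` tag by string formatting; `html_attr_escape` and `build_img_tag` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Escape src for a double-quoted HTML attribute; 0 on success, -1 on error. */
int html_attr_escape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        unsigned char c = (unsigned char)*src;
        if (c < 0x20 || c == 0x7f)
            return -1;              /* control bytes never belong in an id */
        switch (c) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (o + n >= dstlen)
            return -1;              /* refuse to truncate silently */
        memcpy(dst + o, rep, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Hypothetical helper: emit the <img> tag for an inline image part. */
int build_img_tag(const char *content_id, char *out, size_t outlen)
{
    char esc[512];
    if (html_attr_escape(content_id, esc, sizeof esc) != 0)
        return -1;
    int n = snprintf(out, outlen, "<img src=\"cid:%s\">", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char out[1024];
    /* Constructed sample: a Content-ID value carrying markup. */
    if (build_img_tag("x\"><b>hi</b>", out, sizeof out) == 0)
        puts(out);
    return 0;
}
```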