---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Evolution iCalendar Two Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA30298 VERIFY ADVISORY: http://secunia.com/advisories/30298/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: GNOME Evolution 2.x http://secunia.com/product/5525/ Novell Evolution 2.x http://secunia.com/product/4558/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in Evolution, which can be exploited by malicious people to compromise a user's system. 1) A boundary error exists when parsing timezone strings contained within iCalendar attachments. This can be exploited to overflow a static buffer via an overly long timezone string. Successful exploitation allows execution of arbitrary code, but requires that the ITip Formatter plugin is disabled. 2) A boundary error exists when replying to an iCalendar request while in calendar view. This can be exploited to cause a heap-based buffer overflow via an overly long "DESCRIPTION" property included in an iCalendar attachment. Successful exploitation allows execution of arbitrary code, but requires that the user accepts the iCalendar request and replies to it from the "Calendars" window. The vulnerabilities are confirmed in version 2.22.1. Other versions may also be affected. SOLUTION: Do not select untrusted e-mail messages. Various Linux vendors will issue patched versions soon. PROVIDED AND/OR DISCOVERED BY: Alin Rad Pop, Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2008-22/ http://secunia.com/secunia_research/2008-23/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------