CVE-2005-2549 Information
Description
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
Reference
http://marc.info/?l=full-disclosure&m=112368237712032&w=2
http://secunia.com/advisories/16394
http://secunia.com/advisories/19380
http://www.debian.org/security/2006/dsa-1016
http://www.mandriva.com/security/advisories?name=MDKSA-2005:141
http://www.novell.com/linux/security/advisories/2005_54_evolution.html
http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
http://www.redhat.com/support/errata/RHSA-2005-267.html
http://www.securityfocus.com/archive/1/407789
http://www.securityfocus.com/bid/14532
http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9553
https://usn.ubuntu.com/166-1/