FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

evolution -- arbitrary code execution vulnerability

Affected packages
evolution < 2.0.3_1

Details

VuXML ID: b8943e61-6e68-11d9-a9e7-0001020eed82
Discovery: 2005-01-20
Entry: 2005-01-25
Modified: 2005-02-02

Martin Joey Schulze reports:

Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileges via a malicious POP server.

References

Bugtraq ID: 12354
CVE Name: CVE-2005-0102
URL: http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&view=log#rev1.5.74.1