In association with heise online

05 March 2008, 13:52

Evolution has critical flaw

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security service provider Secunia has reported a critical flaw in the Evolution e-mail and groupware program. Attackers can use crafted e-mails to exploit a programming flaw that allows them to execute their own code with the rights of the logged-on user when an e-mail is opened.

Secunia's Ulf Harnhammar discovered the way to code to inject and execute code. When version data from an encrypted email are displayed by the emf_multipart_encrypted() function, a format string error can occur.

Secunia recommends users not to open untrusted e-mails. To be on the safe side, Evolution should be completely avoided for the time being. In its security advisory, Secunia says that various Linux distributors will soon be providing patches.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit