Published: 12/02/2009 Updated: 29/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote malicious users to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.

Vulnerable Product	Search on Vulmon	Subscribe to Product
evolution evolution 2.22.3.1

Debian Bug report logs - #508479 evolution shows a SMIME signed messages as ok even if modified Package: evolution-data-server; Maintainer for evolution-data-server is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for evolution-data-server is src:evolution-data-server (PTS, buildd, popcon) ...

Synopsis Moderate: evolution-data-server security update Type/Severity Security Advisory: Moderate Topic Updated evolution-data-server and evolution28-evolution-data-serverpackages that fix multiple security issues are now available for Red HatEnterprise Linux 4 and 5This update has been rated as having mo ...

Synopsis Moderate: evolution and evolution-data-server security update Type/Severity Security Advisory: Moderate Topic Updated evolution and evolution-data-server packages that fixes multiplesecurity issues are now available for Red Hat Enterprise Linux 4This update has been rated as having moderate securi ...

Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings CVE-2009-054 ...

CWE-310 http://secunia.com/advisories/33848 http://www.securityfocus.com/bid/33720 https://bugzilla.redhat.com/show_bug.cgi?id=484925 http://openwall.com/lists/oss-security/2009/02/10/7 http://bugzilla.gnome.org/show_bug.cgi?id=564465 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 http://www.redhat.com/support/errata/RHSA-2009-0355.html http://secunia.com/advisories/34338 http://secunia.com/advisories/34339 http://www.redhat.com/support/errata/RHSA-2009-0354.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html http://secunia.com/advisories/34363 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:078 http://secunia.com/advisories/35357 http://www.debian.org/security/2009/dsa-1813 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38915 http://www.vupen.com/english/advisories/2010/1107 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9619 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 https://nvd.nist.gov https://www.debian.org/security/./dsa-1813

CVE-2009-0547

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect