GNOME Evolution Data Server Negative SEQUENCE Array Index Vulnerability

Vulnerability details

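Overview

Evolution is the GNOME project's mail client for the GNOME desktop environment on Linux. It provides email, calendar, meeting scheduling, contact management and related functions.

Evolution contains a vulnerability in its handling of malformed responses from an IMAP server; a remote attacker may be able to exploit it to take control of the user's machine.

The imap_rescan() function in Evolution's camel/providers/imap/camel-imap-folder.c does not properly validate the SEQUENCE value before using it as an array index. The SEQUENCE value is converted from a string with strtol and may be negative, yet imap_rescan checks only !seq and seq > summary.length, and does not check seq < 0, before using the value as an int. A negative index can therefore be injected into the array lookup by altering the IMAP server's output. If a user is tricked into connecting to a malicious IMAP server, a carefully calculated negative value may overwrite an instruction pointer near the start of the array, leading to arbitrary code execution.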
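An added example (not Evolution's code and not the vendor patch) that contrasts the check as described above with a strict range check. The function names, the mapping of a 1-based sequence number to index seq - 1, and the sample array are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Check in the form the advisory describes: rejects 0 and values above the
 * summary length, but a negative value passes both tests. */
int seq_accepted_unpatched(const char *token, int summary_len)
{
    int seq = (int)strtol(token, NULL, 10);
    if (!seq || seq > summary_len)
        return 0;
    return 1;   /* "-5" reaches here; using it as an index would be out of bounds */
}

/* Hardened form: parse strictly, then require 1 <= seq <= summary_len.
 * Returns the zero-based index (assumed mapping), or -1 to reject. */
int seq_to_index(const char *token, int summary_len)
{
    char *end;
    long seq;

    errno = 0;
    seq = strtol(token, &end, 10);
    if (end == token || *end != '\0')      /* no digits, or trailing junk */
        return -1;
    if (errno == ERANGE || seq < 1 || seq > (long)summary_len)
        return -1;
    return (int)(seq - 1);
}

/* Constructed sample data: a 4-entry table standing in for the summary. */
int lookup_flag(const char *token)
{
    static const int flags[4] = { 10, 20, 30, 40 };
    int idx = seq_to_index(token, 4);
    return idx < 0 ? -1 : flags[idx];
}

int main(void)
{
    const char *samples[] = { "2", "0", "9", "-5", "3abc" };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-5s unpatched_accepts=%d hardened_index=%d\n", samples[i],
               seq_accepted_unpatched(samples[i], 4),
               seq_to_index(samples[i], 4));
    return 0;
}
```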

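Vulnerability advisory

The vendor has released updated patches that fix this security issue. Patch download links:

Debian

------

Debian has issued a security advisory (DSA-1321-1) and corresponding patches for this issue:

DSA-1321-1: New evolution-data-server packages fix arbitrary code execution

Link:

http://www.debian.org/security/2007/dsa-1321

Patch downloads: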

References

Source: MISC

Link: http://bugzilla.gnome.org/show_bug.cgi?id=447414

Source: XF

Name: gnome-imaprescan-code-execution(34964)

Link: http://xforce.iss.net/xforce/xfdb/34964

Source: UBUNTU

Name: USN-475-1

Link: http://www.ubuntu.com/usn/usn-475-1

Source: SECTRACK

Name: 1018284

Link: http://www.securitytracker.com/id?1018284

Source: BID

Name: 24567

Link: http://www.securityfocus.com/bid/24567

Source: BUGTRAQ

Name: 20070615 rPSA-2007-0122-1 evolution-data-server

Link: http://www.securityfocus.com/archive/1/archive/1/471455/100/0/threaded

Source: REDHAT

Name: RHSA-2007:0510

Link: http://www.redhat.com/support/errata/RHSA-2007-0510.html

Source: REDHAT

Name: RHSA-2007:0509

Link: http://www.redhat.com/support/errata/RHSA-2007-0509.html

Source: SUSE

Name: SUSE-SA:2007:042

Link: http://www.novell.com/linux/security/advisories/2007_42_evolution.html

Source: SUSE

Name: SUSE-SR:2007:014

Link: http://www.novell.com/linux/security/advisories/2007_14_sr.html

Source: MANDRIVA

Name: MDKSA-2007:136

Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:136

Source: GENTOO

Name: GLSA-200707-03

Link: http://www.gentoo.org/security/en/glsa/glsa-200707-03.xml

Source: VUPEN

Name: ADV-2007-2282

Link: http://www.frsirt.com/english/advisories/2007/2282

Source: DEBIAN

Name: DSA-1325

Link: http://www.debian.org/security/2007/dsa-1325

Source: DEBIAN

Name: DSA-1321

Link: http://www.debian.org/security/2007/dsa-1321

Source: GENTOO

Name: GLSA-200711-04

Link: http://security.gentoo.org/glsa/glsa-200711-04.xml

Source: SECUNIA

Name: 26083

Link: http://secunia.com/advisories/26083

Source: SECUNIA

Name: 25958

Link: http://secunia.com/advisories/25958

Source: SECUNIA

Name: 25906

Link: http://secunia.com/advisories/25906

Source: SECUNIA

Name: 25894

Link: http://secunia.com/advisories/25894

Source: SECUNIA

Name: 25880

Link: http://secunia.com/advisories/25880

Source: SECUNIA

Name: 25843

Link: http://secunia.com/advisories/25843

Source: SECUNIA

Name: 25798

Link: http://secunia.com/advisories/25798

Source: SECUNIA

Name: 25793

Link: http://secunia.com/advisories/25793

Source: SECUNIA

Name: 25777

Link: http://secunia.com/advisories/25777

Source: SECUNIA

Name: 25774

Link: http://secunia.com/advisories/25774

Source: SECUNIA

Name: 25766

Link: http://secunia.com/advisories/25766

Source: SECUNIA

Name: 25765

Link: http://secunia.com/advisories/25765

Source: MLIST

Name: [Evolution-hackers] 20070619 Evolution 2.11.4 , Evolution-Data-Server 1.11.4 , GtkHTML 3.15.4 and Evolution-Exchange 2.11.4 released

Link: http://mail.gnome.org/archives/evolution-hackers/2007-June/msg00064.html

Source: SGI

Name: 20070602-01-P

Link: ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

Affected entities
