Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0528

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0528
Last Modified 02 Apr 2010 02:51:15
Published 02 Feb 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0528

Summary

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

Vulnerable Systems

Application

  • Gnome Evolution 2.3.1

  • Gnome Evolution 2.3.2

  • Gnome Evolution 2.3.3

  • Gnome Evolution 2.3.4

  • Gnome Evolution 2.3.5

  • Gnome Evolution 2.3.6

  • Gnome Evolution 2.3.6.1

  • Gnome Evolution 2.3.7


References

UBUNTU - USN-265-1

BID - 16408

SUSE - SUSE-SR:2006:007

SECUNIA - 19504

FULLDISC - 20060128 gnome evolution mail client inline text file DoS issue

MANDRIVA - MDKSA-2006:057

SREASON - 610


Last Updated: 27 May 2016 10:41:41