Evolution has critical flaw

Security service provider Secunia has reported a critical flaw in the Evolution e-mail and groupware program. Attackers can use crafted e-mails to exploit a programming flaw that allows them to execute their own code with the rights of the logged-on user when an e-mail is opened.

Advertisement

Secunia's Ulf Harnhammar discovered the way to code to inject and execute code. When version data from an encrypted email are displayed by the emf_multipart_encrypted() function, a format string error can occur.

Secunia recommends users not to open untrusted e-mails. To be on the safe side, Evolution should be completely avoided for the time being. In its security advisory, Secunia says that various Linux distributors will soon be providing patches.

See also:

• Evolution Encrypted Message Format String Vulnerability, Secunia's security advisory

(mba)