Novell/Ximian Evolution multiple text attachments DoS

[Kristian Hermansen <khermansen () ht-technology com>]

==================
=====Analysis=====
==================
I just wanted to inform users of Ximian Evolution 2.0 software that
there exists a way to temporarily DoS the local application and/or
machine by attaching an absurd amount of .ezm files to a normal email.
It seems that Evolution tries to interpret all these attachments and
will actually display them if it determines they are text.  The problem
comes when Evolution is sent an email with say, greater than 1000 .ezm
attachments, and the application tries to unroll them all before
allowing you to do anything else within the application.  These .ezm
files are usually created by the EZ Mailing List Manager software, but
one may custom design their own to execute the DoS attack.  There seem
to be other attachment types that can be used as well, as long as
Evolution tries to unroll them for view in the message window.

==================
===Implications===
==================
The attack is not sophisticated and Evolution will eventually interpret
all of the attachments -- but until that time (very long), it would
appear to the user that the application has crashed and is unresponsive.
A future attack method that exploits flaws in the attachment renderer
could be combined with this DoS attack to confuse the user while running
some malicious script in the background.

==================
=====Affected=====
==================
Tested on Evolution <=2.0.2
Note: higher versions may still be affected

==================
=====Solution=====
==================
Unknown for now.  Will check out CVS, and if time, issue patch.
-- 
Kristian Hermansen <khermansen () ht-technology com>

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html