oss-sec mailing list archives
Re: Evolution denial of service bug ...
From: Josh Bressers <bressers () redhat com>
Date: Tue, 19 Jan 2010 15:39:00 -0500 (EST)
----- "Marcus Meissner" <meissner () suse de> wrote:
We received a bugreport for Evolution from "Francis Provencher for Protek Research Lab's" (protekresearchlab () yahoo ca). The issue is that if Evolution accesses a malicious POP3 server the latter can by sending an overly long ERR message cause a X11 error (BadAlloc) likely due to a overly wide Message Box and so cause evolution to abort. The commit in evolution that fixes it: http://git.gnome.org/browse/evolution-data-server/commit/?id=22854733409fddf3e313cc637ce3a0309159b41f it also checks for utf-8 validity. I am still undecided whether this is a real security issue or not. On one hand getting rid of this malicious server from evolution might be difficult if it is auto-opened. On the other hand, malicious servers have also other denial of service possibilities (like sending 1000000+ mailheaders).
I'm thinking not a flaw for this one. If it could execute arbitrary code, you'd have a flaw, but a DoS only is pretty gray area. Unless someone gives me a compelling reason to do so, I'm not assigning this a CVE id. Thanks. -- JB
Current thread:
- Evolution denial of service bug ... Marcus Meissner (Jan 18)
- Re: Evolution denial of service bug ... Josh Bressers (Jan 19)