oss-sec mailing list archives

Re: Evolution denial of service bug ...

From: Josh Bressers <bressers () redhat com>
Date: Tue, 19 Jan 2010 15:39:00 -0500 (EST)

----- "Marcus Meissner" <meissner () suse de> wrote:


We received a bugreport for Evolution from "Francis Provencher for Protek
Research Lab's" (protekresearchlab () yahoo ca).

The issue is that if Evolution accesses a malicious POP3 server the
latter can by sending an overly long ERR message cause a X11 error
(BadAlloc) likely due to a overly wide Message Box and so cause evolution
to abort.

The commit in evolution that fixes it:
http://git.gnome.org/browse/evolution-data-server/commit/?id=22854733409fddf3e313cc637ce3a0309159b41f
it also checks for utf-8 validity.


I am still undecided whether this is a real security issue or not. On one
hand getting rid of this malicious server from evolution might be
difficult if it is auto-opened. On the other hand, malicious servers have
also other denial of service possibilities (like sending 1000000+
mailheaders).


I'm thinking not a flaw for this one. If it could execute arbitrary code,
you'd have a flaw, but a DoS only is pretty gray area.

Unless someone gives me a compelling reason to do so, I'm not assigning
this a CVE id.

Thanks.

-- 
    JB

Current thread:

Evolution denial of service bug ... Marcus Meissner (Jan 18)
- Re: Evolution denial of service bug ... Josh Bressers (Jan 19)