FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

evolution -- arbitrary code execution vulnerability

Affected packages
evolution < 2.0.3_1


VuXML ID b8943e61-6e68-11d9-a9e7-0001020eed82
Discovery 2005-01-20
Entry 2005-01-25
Modified 2005-02-02

Martin Joey Schulze reports:

Max Vozeler discovered an integer overflow in the helper application camel-lock-helper which runs setuid root or setgid mail inside of Evolution, a free groupware suite. A local attacker can cause the setuid root helper to execute arbitrary code with elevated privileges via a malicious POP server.


Bugtraq ID 12354
CVE Name CVE-2005-0102