NVD Vulnerability Detail

CVE-2008-1108

Summary	Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
Publication Date	June 5, 2008, 5:32 a.m.
Registration Date	Jan. 29, 2021, 1:32 p.m.
Last Update	Sept. 29, 2017, 10:30 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:gnome:evolution:2.2.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html	SUSE
2	http://secunia.com/advisories/30298	SECUNIA	Vendor Advisory
3	http://secunia.com/advisories/30527	SECUNIA
4	http://secunia.com/advisories/30536	SECUNIA
5	http://secunia.com/advisories/30564	SECUNIA
6	http://secunia.com/advisories/30571	SECUNIA
7	http://secunia.com/advisories/30702	SECUNIA
8	http://secunia.com/advisories/30716	SECUNIA
9	http://secunia.com/secunia_research/2008-22/advisory/	MISC
10	http://security.gentoo.org/glsa/glsa-200806-06.xml	GENTOO
11	http://www.mandriva.com/security/advisories?name=MDVSA-2008:111	MANDRIVA
12	http://www.redhat.com/support/errata/RHSA-2008-0514.html	REDHAT
13	http://www.redhat.com/support/errata/RHSA-2008-0515.html	REDHAT
14	http://www.redhat.com/support/errata/RHSA-2008-0516.html	REDHAT
15	http://www.redhat.com/support/errata/RHSA-2008-0517.html	REDHAT
16	http://www.securityfocus.com/bid/29527	BID
17	http://www.securitytracker.com/id?1020169	SECTRACK
18	http://www.ubuntu.com/usn/usn-615-1	UBUNTU
19	http://www.vupen.com/english/advisories/2008/1732/references	VUPEN
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/42824	XF
21	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471	OVAL
22	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html	FEDORA
23	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html	FEDORA
24	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html	FEDORA

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Evolution のタイムゾーン処理に関するバッファーオーバーフローの脆弱性

Title	Evolution のタイムゾーン処理に関するバッファーオーバーフローの脆弱性
Summary	Evolution には、ITip Formatter プラグインが無効の場合、iCalendar ファイルのタイムゾーン処理に問題があるため、バッファーオーバーフローの脆弱性が存在します。
Possible impacts	第三者によって巧妙に細工された iCalendar ファイルの処理により、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 4, 2008, midnight
Registration Date	July 2, 2008, 2:21 p.m.
Last Update	May 9, 2011, 10:51 a.m.

Affected System

レッドハット

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.5 (as)

Red Hat Enterprise Linux 4.5 (es)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

RHEL Desktop Workstation 5 (client)

RHEL Optional Productivity Applications 5 (server)

オラクル

Oracle Solaris 10

GNOME Project

Evolution 2.22.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-1108	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1108
National Vulnerability Database (NVD)
2	CVE-2008-1108	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1108

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Evolution
1	Top Page	http://www.gnome.org/projects/evolution/
Red Hat Security Advisory
2	RHSA-2008:0514	https://rhn.redhat.com/errata/RHSA-2008-0514.html
3	RHSA-2008:0515	https://rhn.redhat.com/errata/RHSA-2008-0515.html
4	RHSA-2008:0516	https://rhn.redhat.com/errata/RHSA-2008-0516.html
5	RHSA-2008:0517	https://rhn.redhat.com/errata/RHSA-2008-0517.html
SECURITY BLOG
6	cve_2008_1108_cve_2008	http://blogs.sun.com/security/entry/cve_2008_1108_cve_2008
レッドハットセキュリティーアップデート
7	RHSA-2008:0514	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0514J.html
8	RHSA-2008:0515	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0515J.html
9	RHSA-2008:0516	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0516J.html

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2008-1732	http://www.frsirt.com/english/advisories/2008/1732
ISS X-Force Database
2	42824	http://xforce.iss.net/xforce/xfdb/42824
Secunia Advisory
3	SA30298	http://secunia.com/advisories/30298
4	SA30527	http://secunia.com/advisories/30527
5	SA30536	http://secunia.com/advisories/30536
Secunia Research
6	2008-22	http://secunia.com/secunia_research/2008-22/advisory/
SecurityFocus
7	29527	http://www.securityfocus.com/bid/29527
SecurityTracker
8	1020169	http://www.securitytracker.com/id?1020169

Change Log

No	Changed Details	Date of change
0	[2008年07月02日] 掲載 [2011年05月09日] 影響を受けるシステム：オラクル (cve_2008_1108_cve_2008) の情報を追加ベンダ情報：オラクル (cve_2008_1108_cve_2008) を追加	Feb. 17, 2018, 10:37 a.m.