製品・ソフトウェアに関する情報

JVN脆弱性詳細

Evolution の iCalendar 添付ファイルの処理に関するヒープベースのバッファオーバーフローの脆弱性

Title	Evolution の iCalendar 添付ファイルの処理に関するヒープベースのバッファオーバーフローの脆弱性
Summary	Evolution には、iCalendar 添付ファイルの DESCRIPTION プロパティの処理に不備があり、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者によって巧妙に細工された iCalendar 添付ファイルにより、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 4, 2008, midnight
Registration Date	July 2, 2008, 2:21 p.m.
Last Update	May 9, 2011, 11:04 a.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

RHEL Desktop Workstation 5 (client)

RHEL Optional Productivity Applications 5 (server)

オラクル

Oracle Solaris 10

GNOME Project

Evolution 2.22.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-1109	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1109
National Vulnerability Database (NVD)
2	CVE-2008-1109	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1109
SECURITY BLOG
3	CVE-2008-1109 Buffer Overflow vulnerability	http://blogs.sun.com/security/entry/cve_2008_1108_cve_2008

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Evolution
1	Top Page	http://www.gnome.org/projects/evolution/
Red Hat Security Advisory
2	RHSA-2008:0514	https://rhn.redhat.com/errata/RHSA-2008-0514.html
3	RHSA-2008:0515	https://rhn.redhat.com/errata/RHSA-2008-0515.html
レッドハットセキュリティーアップデート
4	RHSA-2008:0514	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0514J.html
5	RHSA-2008:0515	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0515J.html

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2008-1732	http://www.frsirt.com/english/advisories/2008/1732
ISS X-Force Database
2	42826	http://xforce.iss.net/xforce/xfdb/42826
Secunia Advisory
3	30298	http://secunia.com/advisories/30298
4	30527	http://secunia.com/advisories/30527
5	30571	http://secunia.com/advisories/30571
Secunia Research
6	2008-23	http://secunia.com/secunia_research/2008-23/advisory/
SecurityFocus
7	29527	http://www.securityfocus.com/bid/29527
SecurityTracker
8	1020170	http://www.securitytracker.com/id?1020170

Change Log

No	Changed Details	Date of change
0	[2008年07月02日] 掲載 [2011年05月09日] 影響を受けるシステム：オラクル (CVE-2008-1109 Buffer Overflow vulnerability) の情報を追加ベンダ情報：オラクル (CVE-2008-1109 Buffer Overflow vulnerability) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-1109

Summary	Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
Summary	Desbordamiento de Búfer basado en montículo en Evolution 2.22.1 permite a atacantes remotos asistidos por el usuario, ejecutar código arbitrariamente mediante una propiedad DESCRIPTION larga en un adjunto iCalendar, que no es gestionado correctamente durante una respuesta en la vista de calendario (también conocida como ventana de Calendarios).
Publication Date	June 5, 2008, 5:32 a.m.
Registration Date	Jan. 29, 2021, 1:32 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:gnome:evolution:2.22.1:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html	PSIRT-CNA@flexerasoftware.com
2	http://secunia.com/advisories/30298	PSIRT-CNA@flexerasoftware.com
3	http://secunia.com/advisories/30527	PSIRT-CNA@flexerasoftware.com
4	http://secunia.com/advisories/30564	PSIRT-CNA@flexerasoftware.com
5	http://secunia.com/advisories/30571	PSIRT-CNA@flexerasoftware.com
6	http://secunia.com/advisories/30702	PSIRT-CNA@flexerasoftware.com
7	http://secunia.com/advisories/30716	PSIRT-CNA@flexerasoftware.com
8	http://secunia.com/secunia_research/2008-23/advisory/	PSIRT-CNA@flexerasoftware.com
9	http://security.gentoo.org/glsa/glsa-200806-06.xml	PSIRT-CNA@flexerasoftware.com
10	http://www.mandriva.com/security/advisories?name=MDVSA-2008:111	PSIRT-CNA@flexerasoftware.com
11	http://www.redhat.com/support/errata/RHSA-2008-0514.html	PSIRT-CNA@flexerasoftware.com
12	http://www.redhat.com/support/errata/RHSA-2008-0515.html	PSIRT-CNA@flexerasoftware.com
13	http://www.securityfocus.com/bid/29527	PSIRT-CNA@flexerasoftware.com
14	http://www.securitytracker.com/id?1020170	PSIRT-CNA@flexerasoftware.com
15	http://www.ubuntu.com/usn/usn-615-1	PSIRT-CNA@flexerasoftware.com
16	http://www.vupen.com/english/advisories/2008/1732/references	PSIRT-CNA@flexerasoftware.com
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/42826	PSIRT-CNA@flexerasoftware.com
18	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337	PSIRT-CNA@flexerasoftware.com
19	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html	PSIRT-CNA@flexerasoftware.com
20	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html	PSIRT-CNA@flexerasoftware.com
21	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html	PSIRT-CNA@flexerasoftware.com
22	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html	af854a3a-2127-422b-91ae-364da2661108
23	http://secunia.com/advisories/30298	af854a3a-2127-422b-91ae-364da2661108
24	http://secunia.com/advisories/30527	af854a3a-2127-422b-91ae-364da2661108
25	http://secunia.com/advisories/30564	af854a3a-2127-422b-91ae-364da2661108
26	http://secunia.com/advisories/30571	af854a3a-2127-422b-91ae-364da2661108
27	http://secunia.com/advisories/30702	af854a3a-2127-422b-91ae-364da2661108
28	http://secunia.com/advisories/30716	af854a3a-2127-422b-91ae-364da2661108
29	http://secunia.com/secunia_research/2008-23/advisory/	af854a3a-2127-422b-91ae-364da2661108
30	http://security.gentoo.org/glsa/glsa-200806-06.xml	af854a3a-2127-422b-91ae-364da2661108
31	http://www.mandriva.com/security/advisories?name=MDVSA-2008:111	af854a3a-2127-422b-91ae-364da2661108
32	http://www.redhat.com/support/errata/RHSA-2008-0514.html	af854a3a-2127-422b-91ae-364da2661108
33	http://www.redhat.com/support/errata/RHSA-2008-0515.html	af854a3a-2127-422b-91ae-364da2661108
34	http://www.securityfocus.com/bid/29527	af854a3a-2127-422b-91ae-364da2661108
35	http://www.securitytracker.com/id?1020170	af854a3a-2127-422b-91ae-364da2661108
36	http://www.ubuntu.com/usn/usn-615-1	af854a3a-2127-422b-91ae-364da2661108
37	http://www.vupen.com/english/advisories/2008/1732/references	af854a3a-2127-422b-91ae-364da2661108
38	https://exchange.xforce.ibmcloud.com/vulnerabilities/42826	af854a3a-2127-422b-91ae-364da2661108
39	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337	af854a3a-2127-422b-91ae-364da2661108
40	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html	af854a3a-2127-422b-91ae-364da2661108
41	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html	af854a3a-2127-422b-91ae-364da2661108
42	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html