[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Evolution denial of service bug ...
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-01-19 20:39:00
Message-ID: 2039809097.229341263933540044.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- "Marcus Meissner" <meissner@suse.de> wrote:
> 
> We received a bugreport for Evolution from "Francis Provencher for Protek
> Research Lab's" (protekresearchlab@yahoo.ca).
> 
> The issue is that if Evolution accesses a malicious POP3 server the
> latter can by sending an overly long ERR message cause a X11 error
> (BadAlloc) likely due to a overly wide Message Box and so cause evolution
> to abort.
> 
> The commit in evolution that fixes it:
> http://git.gnome.org/browse/evolution-data-server/commit/?id=22854733409fddf3e313cc637ce3a0309159b41f
> it also checks for utf-8 validity.
> 
> 
> I am still undecided whether this is a real security issue or not. On one
> hand getting rid of this malicious server from evolution might be
> difficult if it is auto-opened. On the other hand, malicious servers have
> also other denial of service possibilities (like sending 1000000+
> mailheaders).
> 

I'm thinking not a flaw for this one. If it could execute arbitrary code,
you'd have a flaw, but a DoS only is pretty gray area.

Unless someone gives me a compelling reason to do so, I'm not assigning
this a CVE id.

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]