Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:024: evolution Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the evolution package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:024 (evolution).
Max Vozeler discovered an integer overflow in the camel-lock-helper
application. This application is installed setgid mail by default. A local
attacker could exploit this to execute malicious code with the rights of
the 'mail' group
likewise a remote attacker could setup a malicious POP server
to execute arbitrary code when an Evolution user connects to it.
The updated packages have been patched to prevent this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:024
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.