OpenPGP Message Injection Vulnerability in Evolution by Novell
CVE-2007-1266

Currently unrated

Key Information:

Vendor

Gnome
Status
Evolution
Vendor
CVE Published:
6 March 2007

What is CVE-2007-1266?

The Evolution email client, specifically versions 2.8.1 and earlier, improperly handles the --status-fd argument while invoking GnuPG. This failure restricts Evolution's capability to visually differentiate between signed and unsigned sections of OpenPGP messages containing multiple components. As a result, it creates an avenue for remote attackers to manipulate and forge message content without raising any alarms, thereby compromising the integrity of email communications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.gnupg.org/pipermail/gnupg-users/2007-March/0...
mailing-listx_refsource_MLIST
http://securityreason.com/securityalert/2353
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/461958/30/7710/thr...
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.