OpenPGP Message Injection Vulnerability in Evolution by Novell
CVE-2007-1266
Currently unrated
What is CVE-2007-1266?
The Evolution email client, versions 2.8.1 and earlier, does not handle the --status-fd argument properly when invoking GnuPG. As a result, Evolution cannot visually distinguish the signed from the unsigned sections of an OpenPGP message that contains multiple components. Remote attackers can therefore forge message content without detection, which compromises the integrity of email communications.
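The check a mail client can make on GnuPG's --status-fd stream is sketched below as an added example; it is not Evolution's or GnuPG's own code. It assumes that each PLAINTEXT status line marks one plaintext component in the output, and the sample streams, key ID and fingerprint are constructed and simplified.

```python
# Added example: decide from a GnuPG --status-fd stream whether the whole
# output may be displayed as signed. All sample values are constructed.
PREFIX = "[GNUPG:] "

def parse_status(text):
    """Yield (keyword, args) for each machine-readable status line."""
    for line in text.splitlines():
        if line.startswith(PREFIX):  # ignore human-readable gpg output
            keyword, _, args = line[len(PREFIX):].partition(" ")
            yield keyword, args.split()

def classify(text):
    """Return 'signed', 'mixed' or 'unsigned' for one gpg invocation."""
    plaintexts = 0
    valid = bad = False
    for keyword, _args in parse_status(text):
        if keyword == "PLAINTEXT":
            plaintexts += 1          # assumption: one line per component
        elif keyword == "VALIDSIG":
            valid = True
        elif keyword in ("BADSIG", "ERRSIG"):
            bad = True
    if plaintexts > 1:
        # Several components: one signature cannot vouch for all output,
        # so the message must not be rendered as uniformly signed.
        return "mixed"
    if plaintexts == 1 and valid and not bad:
        return "signed"
    return "unsigned"

SIGNED_ONLY = """\
[GNUPG:] PLAINTEXT 62 1170000000
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2007-02-01 1170000000
"""
# Two components: an unsigned one followed by a signed one.
MIXED = "[GNUPG:] PLAINTEXT 62 1170000000\n" + SIGNED_ONLY
UNSIGNED = "gpg: some human-readable line\n[GNUPG:] PLAINTEXT 62 1170000000\n"
BAD = "[GNUPG:] PLAINTEXT 62 1170000000\n[GNUPG:] BADSIG 0123456789ABCDEF Alice\n"

if __name__ == "__main__":
    for name in ("SIGNED_ONLY", "MIXED", "UNSIGNED", "BAD"):
        print(name, "->", classify(globals()[name]))
```

A client that treats "mixed" the same as "unsigned" never shows a signature indicator over content the signature does not cover.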