OVAL query for evolution vuln CAN-2003-0129


Jay Beale
CVE-ID: CAN-2003-0129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0129

CVE Description: "Ximian Evolution Mail User Agent 1.2.2 and earlier
allows remote attackers to cause a denial of service (memory consumption)
via a mail message that is uuencoded multiple times."

Red Hat Security Advisory RHSA-2003:108-19
Updated Evolution packages fix multiple vulnerabilities
https://rhn.redhat.com/errata/RHSA-2003-108.html

"Updated Evolution packages are available which fix several vulnerabilities.

Evolution is a GNOME-based collection of personal information management
(PIM) tools.

Multiple vulnerabilities have been found in the Ximian Evolution email
client. These vulnerabilities make it possible for a carefully crafted
email to crash the program, cause general system instability through
resource starvation, and get around security measures implemented within
the program.

Users of Evolution are advised to upgrade to these erratum packages. For
Red Hat Linux 7.3, these packages update Evolution to version 1.0.8 with
patches to correct these vulnerabilities. For Red Hat Linux 8.0, these
packages contain backported security fixes which correct these
vulnerabilities."

I propose the following SQL query for this vulnerability on Red Hat 9:

OVAL-ID: TBA

Status: Initial Submission
Version: 0
Date Modified: 2003-08-11
Platform: Red Hat 9
Query Synopsis:
-- Vulnerable software exists:
        o Red Hat 9 on ix86
        o evolution rpm version prior to 1.2.2-5 is installed

SELECT 'CAN-2003-0129' FROM Placeholder WHERE EXISTS
-- ### BEGIN VULNERABLE SOFTWARE EXISTS
--
-- Red Hat 9
-- This query is for Red Hat 9...
        (SELECT 'Red Hat 9 is installed'
         FROM RedHat_RPMinfo WHERE
                RPMName = 'redhat-release' AND
                RPMVersion = '9')
AND EXISTS
--
-- ...on i386 machines.
--
        (SELECT 'ix86 architecture'
         FROM RedHat_Uname WHERE
                MachineClass LIKE 'i_86')
AND EXISTS
--
-- evolution rpm version prior to 1.2.2-5 is installed
--
        (SELECT 'evolution version < 1.2.2-5'
         FROM RedHat_RPMVersionCompare WHERE
                RPMName = 'evolution' AND
                RPMTestedEpoch IS NULL AND
                RPMTestedVersion = '1.2.2' AND
                RPMTestedRelease = '5' AND
                RPMInstalledVersion = 'earlier')
-- ### END VULNERABLE SOFTWARE EXISTS
--
-- ### BEGIN VULNERABLE CONFIGURATION
-- ### END VULNERABLE CONFIGURATION
;
-----------------------------------------------------------------
INSERT IDs used:


New INSERTs:


-----------------------------------------------------------------
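
The following is an added example, not part of the original post or of the OVAL project's code: it runs the proposed query against constructed in-memory tables and shows how the 'earlier' value in RedHat_RPMVersionCompare can be derived with RPM-style segment comparison. Assumptions: the table layouts contain only the columns the query names, Placeholder holds a single row, and `rpmvercmp`, `compare_evr` and `evaluate` are hypothetical helper names, with `rpmvercmp` a simplified re-implementation that ignores tilde and caret handling.

```python
import re
import sqlite3

def rpmvercmp(a, b):
    """Compare RPM version/release strings by segment; returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)                # 10 > 2, unlike string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def compare_evr(installed, tested):
    """Installed (epoch, version, release) relative to tested: earlier/equal/later."""
    e1, e2 = installed[0] or 0, tested[0] or 0   # assumption: missing epoch counts as 0
    c = (e1 > e2) - (e1 < e2) or rpmvercmp(installed[1], tested[1]) \
        or rpmvercmp(installed[2], tested[2])
    return ("equal", "later", "earlier")[c]      # index -1 selects "earlier"

QUERY = """SELECT 'CAN-2003-0129' FROM Placeholder WHERE EXISTS
  (SELECT 1 FROM RedHat_RPMinfo WHERE RPMName = 'redhat-release' AND RPMVersion = '9')
AND EXISTS (SELECT 1 FROM RedHat_Uname WHERE MachineClass LIKE 'i_86')
AND EXISTS (SELECT 1 FROM RedHat_RPMVersionCompare WHERE RPMName = 'evolution'
  AND RPMTestedEpoch IS NULL AND RPMTestedVersion = '1.2.2'
  AND RPMTestedRelease = '5' AND RPMInstalledVersion = 'earlier')"""

def evaluate(release, machine, evolution):
    """Run the query for one constructed host; evolution is (version, release) or None."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Placeholder (x); INSERT INTO Placeholder VALUES (1);
        CREATE TABLE RedHat_RPMinfo (RPMName, RPMVersion);
        CREATE TABLE RedHat_Uname (MachineClass);
        CREATE TABLE RedHat_RPMVersionCompare (RPMName, RPMTestedEpoch,
            RPMTestedVersion, RPMTestedRelease, RPMInstalledVersion);""")
    db.execute("INSERT INTO RedHat_RPMinfo VALUES ('redhat-release', ?)", (release,))
    db.execute("INSERT INTO RedHat_Uname VALUES (?)", (machine,))
    if evolution:  # record how the installed package compares with 1.2.2-5
        result = compare_evr((None, *evolution), (None, "1.2.2", "5"))
        db.execute("INSERT INTO RedHat_RPMVersionCompare VALUES "
                   "('evolution', NULL, '1.2.2', '5', ?)", (result,))
    return db.execute(QUERY).fetchone() is not None

if __name__ == "__main__":
    print(evaluate("9", "i686", ("1.2.2", "4")))  # constructed host with evolution 1.2.2-4
```

A version such as 1.2.10 sorts after 1.2.2 under this comparison, which is why the query relies on a precomputed comparison result instead of comparing version strings in SQL.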