OVAL query for evolution vulnerability CAN-2003-0130

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

OVAL query for evolution vulnerability CAN-2003-0130

Jay Beale
CVE-ID: CAN-2003-0130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0130

CVE Description: "The handle_image function in mail-format.c for Ximian
Evolution Mail User Agent 1.2.2 and earlier does not properly escape
HTML
characters, which allows remote attackers inject arbitrary data and HTML
via a MIME Content-ID header in a MIME-encoded image."

Red Hat Security Advisory RHSA-2003:108-19
Updated Evolution packages fix multiple vulnerabilities
https://rhn.redhat.com/errata/RHSA-2003-108.html

"Updated Evolution packages are available which fix several
vulnerabilities.

Evolution is a GNOME-based collection of personal information management
(PIM) tools.

Multiple vulnerabilities have been found in the Ximian Evolution email
client. These vulnerabilities make it possible for a carefully crafted
email to crash the program, cause general system instability through
resource starvation, and get around security measures implemented within
the program.

Users of Evolution are advised to upgrade to these erratum packages. For
Red Hat Linux 7.3, these packages update Evolution to version 1.0.8 with
patches to correct these vulnerabilities. For Red Hat Linux 8.0, these
packages contain backported security fixes which correct these
vulnerabilities."

I propose the following SQL query for this vulnerability on Red Hat 9:

OVAL-ID: TBA

Status: Initial Submission
Version: 0
Date Modified: 2003-08-11
Platform: Red Hat 9
Query Synopsis:
-- Vulnerable software exists:
        o Red Hat 9 on ix86
        o evolution rpm version prior to 1.2.2-5 is installed

SELECT 'CAN-2003-0130' FROM Placeholder WHERE EXISTS
-- ### BEGIN VULNERABLE SOFTWARE EXISTS
--
-- Red Hat 9
-- This query is for Red Hat 9...
        (SELECT 'Red Hat 9 is installed' FROM RedHat_RPMinfo WHERE
                RPMName = 'redhat-release' AND
                RPMVersion = '9')
AND EXISTS
--
-- ...on i386 machines.
--
        (SELECT 'ix86 architecture' FROM RedHat_Uname WHERE
                MachineClass LIKE 'i_86')
AND EXISTS
--
-- evolution rpm version prior to 1.2.2-5 is installed
--
        (SELECT 'evolution version < 1.2.2-5'
FROM RedHat_RPMVersionCompare WHERE
                RPMName = 'evolution' AND
                RPMTestedEpoch IS NULL AND
                RPMTestedVersion = '1.2.2' AND
                RPMTestedRelease = '5' AND
                RPMInstalledVersion = 'earlier'
)
-- ### END VULNERABLE SOFTWARE EXISTS
--
-- ### BEGIN VULNERABLE CONFIGURATION
-- ### END VULNERABLE CONFIGURATION
;
-----------------------------------------------------------------
INSERT IDs used:

New INSERTs:


-----------------------------------------------------------------