Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-1631
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-14 May, 2009 | 17:30
Updated At-23 May, 2009 | 05:31

The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
The GNOME Project
gnome
>>evolution>>Versions up to 2.26.1(inclusive)
cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.0.8
cpe:2.3:a:gnome:evolution:1.0.8:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.2
cpe:2.3:a:gnome:evolution:1.2:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.2.1
cpe:2.3:a:gnome:evolution:1.2.1:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.2.2
cpe:2.3:a:gnome:evolution:1.2.2:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.2.3
cpe:2.3:a:gnome:evolution:1.2.3:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.2.4
cpe:2.3:a:gnome:evolution:1.2.4:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.4
cpe:2.3:a:gnome:evolution:1.4:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.4.3
cpe:2.3:a:gnome:evolution:1.4.3:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.4.4
cpe:2.3:a:gnome:evolution:1.4.4:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.4.5
cpe:2.3:a:gnome:evolution:1.4.5:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>1.4.6
cpe:2.3:a:gnome:evolution:1.4.6:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>2.0.0
cpe:2.3:a:gnome:evolution:2.0.0:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>2.0.1
cpe:2.3:a:gnome:evolution:2.0.1:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>2.0.2
cpe:2.3:a:gnome:evolution:2.0.2:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>2.4
cpe:2.3:a:gnome:evolution:2.4:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>2.6
cpe:2.3:a:gnome:evolution:2.6:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>2.12
cpe:2.3:a:gnome:evolution:2.12:*:*:*:*:*:*:*
The GNOME Project
gnome
>>evolution>>2.24
cpe:2.3:a:gnome:evolution:2.24:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2009-12-07T00:00:00

Red Hat does not consider this to be a security issue. By default, user home directories are created with mode 0700 permissions, which would not expose the ~/.evolution/ directory regardless of its own permissions. If a user intentionally relaxes permissions on their home directory, they should be auditing all files and directories in order to not expose unwanted files to other local users.

References
HyperlinkSourceResource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409cve@mitre.org
Exploit
http://bugzilla.gnome.org/show_bug.cgi?id=581604cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2009/05/12/6cve@mitre.org
N/A
http://www.securityfocus.com/bid/34921cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=498648cve@mitre.org
N/A
Change History
0Changes found
Details not found