Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-0547

Disclosure Date: February 12, 2009
CVE-2009-0547
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • evolution

Products

  • evolution 2.22.3.1

References

Canonical
CVE-2009-0547 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547)
BID-33720 (http://www.securityfocus.com/bid/33720)
Advisory
SECUNIA-35357 (http://secunia.com/advisories/35357)
ADV-2010-1107 (http://www.vupen.com/english/advisories/2010/1107)
FEDORA-2009-2792 (https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
https://bugzilla.redhat.com/show_bug.cgi?id=484925
SECUNIA-34339 (http://secunia.com/advisories/34339)
[oss-security] 20090210 CVE Request -- evolution (http://openwall.com/lists/oss-security/2009/02/10/7)
SECUNIA-34363 (http://secunia.com/advisories/34363)
http://www.redhat.com/support/errata/RHSA-2009-0355.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://bugzilla.gnome.org/show_bug.cgi?id=564465
DSA-1813 (http://www.debian.org/security/2009/dsa-1813)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://www.redhat.com/support/errata/RHSA-2009-0354.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9619
SECUNIA-34338 (http://secunia.com/advisories/34338)
FEDORA-2009-2784 (https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:078
SECUNIA-38915 (http://secunia.com/advisories/38915)
SECUNIA-33848 (http://secunia.com/advisories/33848)
Miscellaneous
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis