// For flags

CVE-2007-3257

evolution malicious server arbitrary code execution

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.

Camel (camel-imap-folder.c) en el componente de mensajería (mailer) para Evolution Data Server 1.11 permite a servidores IMAP remotos ejecutar código de su elección mediante un valor negativo de SEQUENCE en GData, lo cual se usa como índice de una rray.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-06-19 CVE Reserved
  • 2007-06-19 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (34)
URL Tag Source
http://bugzilla.gnome.org/show_bug.cgi?id=447414 X_refsource_misc
http://mail.gnome.org/archives/evolution-hackers/2007-June/msg00064.html Mailing List
http://osvdb.org/37489 Vdb Entry
http://secunia.com/advisories/25765 Third Party Advisory
http://secunia.com/advisories/25766 Third Party Advisory
http://secunia.com/advisories/25774 Third Party Advisory
http://secunia.com/advisories/25777 Third Party Advisory
http://secunia.com/advisories/25793 Third Party Advisory
http://secunia.com/advisories/25798 Third Party Advisory
http://secunia.com/advisories/25843 Third Party Advisory
http://secunia.com/advisories/25880 Third Party Advisory
http://secunia.com/advisories/25894 Third Party Advisory
http://secunia.com/advisories/25906 Third Party Advisory
http://secunia.com/advisories/25958 Third Party Advisory
http://secunia.com/advisories/26083 Third Party Advisory
http://www.securityfocus.com/archive/1/471455/100/0/threaded Mailing List
http://www.securityfocus.com/bid/24567 Vdb Entry
http://www.securitytracker.com/id?1018284 Vdb Entry
http://www.vupen.com/english/advisories/2007/2282 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34964 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11724 Signature
URL Date SRC
URL Date SRC
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc 2018-10-16
http://security.gentoo.org/glsa/glsa-200711-04.xml 2018-10-16
http://www.debian.org/security/2007/dsa-1321 2018-10-16
http://www.debian.org/security/2007/dsa-1325 2018-10-16
http://www.gentoo.org/security/en/glsa/glsa-200707-03.xml 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:136 2018-10-16
http://www.novell.com/linux/security/advisories/2007_14_sr.html 2018-10-16
http://www.novell.com/linux/security/advisories/2007_42_evolution.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0509.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0510.html 2018-10-16
http://www.ubuntu.com/usn/usn-475-1 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-3257 2007-06-25
https://bugzilla.redhat.com/show_bug.cgi?id=244277 2007-06-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnome
Search vendor "Gnome"
 Evolution
Search vendor "Gnome" for product "Evolution"
 1.11
Search vendor "Gnome" for product "Evolution" and version "1.11"
-
Affected