CVE-2009-1631
Published May 14, 2009
Last updated 15 years ago
Overview
- Description
- The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Vendor comments
- Red HatRed Hat does not consider this to be a security issue. By default, user home directories are created with mode 0700 permissions, which would not expose the ~/.evolution/ directory regardless of its own permissions. If a user intentionally relaxes permissions on their home directory, they should be auditing all files and directories in order to not expose unwanted files to other local users.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DAA1168-4962-46F2-BEF1-BCB537D154E0",
"versionEndIncluding": "2.26.1"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B10AA832-0C56-4447-BAAB-D6D1F56D59DA"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D9FBE67-2901-426F-9CA6-70022077B2EA"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B11C791D-6E3D-4C96-B5CE-A82D870F61D9"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38225EC0-5966-4316-B45E-AB1BD4BB5328"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3EBC9CD-DFBF-40E1-8F28-F64E27E8EBD8"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "101552BA-C509-4767-901B-279C3B0C21F2"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3FBC98A-111A-4E78-AAA5-CF76B7B32D36"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA12263C-AD34-405E-B27B-6536DFD77093"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "180B84B3-8AF2-4C0F-BB49-789D4C403B36"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1E9C9CC-FDEB-45C4-AF92-D3AE7DFEFB3E"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:1.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44F21156-9E93-4936-B16F-1C243B937C98"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29AB66CF-0B1B-4762-A596-4FC451977D70"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "600F1CB5-B0F8-443C-A25D-34B335931494"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A7A5DBB-9259-4F0F-A7EA-A4E96D7B2C46"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CA640B6-B155-4503-BB05-4F17E6A71D96"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40C26725-D869-49B0-8405-4472E1639799"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2160DB09-250B-4BB4-A77D-79326EB9969C"
},
{
"criteria": "cpe:2.3:a:gnome:evolution:2.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "854DCABF-696A-4800-8B92-5CCB8F1B5333"
}
],
"operator": "OR"
}
]
}
]