Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-3355

Published: 25 November 2019

evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.

Notes

AuthorNote
mdeslaur
can't reproduce on natty and maverick. Seems to be 3.x specific
when migrating 2.x settings

Priority

Medium

Cvss 3 Severity Score

7.3

Score breakdown

Status

Package Release Status
evolution-data-server
Launchpad, Ubuntu, Debian
hardy Ignored
(end of life)
lucid Not vulnerable
(could not reproduce)
maverick Not vulnerable
(could not reproduce)
natty Not vulnerable
(could not reproduce)
oneiric Not vulnerable
(3.2.0-0ubuntu1)
upstream
Released (3.1.2)
Patches:
upstream: http://git.gnome.org/browse/evolution-data-server/commit/?id=e0ac4d79705c

Severity score breakdown

Parameter Value
Base score 7.3
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L