Summary
This host is installed with Evolution for Linux and is prone to Information Disclosure Vulnerability.
Impact
Successful exploitation will let the local attacker gain sensitive information about the victim's mail folders and can view their contents.
Impact level: Application
Solution
Upgrade to Evolution Mail Client version 2.30.1 or later For further updates refer, http://projects.gnome.org/evolution
Insight
The flaw is due to Mailer component in Evolution, uses world readable permissions for the .evolution directory and some other certain directories under .evolution which causes disclosure of sensitive information of the user's mail directories and their contents.
Affected
Evolution Mail Client version 2.26.1 and prior.
References
Severity
Classification
-
CVE CVE-2009-1631 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities