CVE-2009-1631
Evolution < 2.26.1 - Unprotected User Data Exposure via World-Readable Mailer Directory
Title source: llmDescription
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=498648
Issue Tracking x_refsource_misc
http://bugzilla.gnome.org/show_bug.cgi?id=581604
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34921
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/05/12/6
Scores
EPSS
0.0010
EPSS Percentile
28.0%
Details
CWE
CWE-264
Status
published
Products (19)
gnome/evolution
1.0.8
gnome/evolution
1.2
gnome/evolution
1.2.1
gnome/evolution
1.2.2
gnome/evolution
1.2.3
gnome/evolution
1.2.4
gnome/evolution
1.4
gnome/evolution
1.4.3
gnome/evolution
1.4.4
gnome/evolution
1.4.5
... and 9 more
Published
May 14, 2009
Tracked Since
Feb 18, 2026