发布时间 :2003-09-17 00:00:00
修订时间 :2008-09-10 15:19:33

[原文]gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.

[CNNVD]GTKHTML Malformed HTML文件服务拒绝漏洞(CNNVD-200309-004)

        用于Evolution的gtkhtml 1.1.10之前版本存在漏洞。远程攻击者可以借助畸形消息导致服务拒绝(崩溃),该信息导致空指针引用。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:148Evolution GtkHTML DoS via null Pointer Dereference

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源

- 漏洞信息

GTKHTML Malformed HTML文件服务拒绝漏洞
中危 其他
2003-09-17 00:00:00 2005-10-20 00:00:00
        用于Evolution的gtkhtml 1.1.10之前版本存在漏洞。远程攻击者可以借助畸形消息导致服务拒绝(崩溃),该信息导致空指针引用。

- 公告与补丁

        This issue has been addressed in the GtkHTML component that is included in Evolution 1.2.4. Evolution users are advised to upgrade.
        Red Hat has released a security advisory (RHSA-2003:264-01) that states the previous security advisory (RHSA-2003:126-06) as obsolete. New fixes have been made available in this advisory and users are advised to upgrade as soon as possible.
        Conectiva has released a security advisory (CLSA-2003:737) containing fixes to address this issue.
        Mandrake has released a security advisory (MDKSA-2003:093) containing updated fixes to address this issue.
        Debian Linux has released advisory DSA 710-1 addressing this issue. Please see the referenced advisory for details on obtaining and applying fixes.
        Fixes are available:
        GNOME GtkHTML 1.0.1
        GNOME GtkHTML 1.0.2

- 漏洞信息 (F37736)

dsa-710.txt (PacketStormID:F37736)
2005-05-29 00:00:00

Debian Security Advisory DSA 710-1 - Alan Cox discovered a problem in gtkhtml, an HTML rendering widget used by the Evolution mail reader. Certain malformed messages could cause a crash due to a null pointer dereference.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 710-1                                        Martin Schulze
April 18th, 2005              
- --------------------------------------------------------------------------

Package        : gtkhtml
Vulnerability  : null pointer dereference
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2003-0541
Debian Bug     : 279726

Alan Cox discovered a problem in gtkhtml, an HTML rendering widget
used by the Evolution mail reader.  Certain malformed messages could
cause a cras due to a null pointer dereference.

For the stable distribution (woody) this problem has been fixed in
version 1.0.2-1.woody1.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.4-6.2.

We recommend that you upgrade your gtkhtml package and restart

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1125 6988f7d4a99fb8d11718ffe378f43b3b
      Size/MD5 checksum:     7774 1c2ba9567085f2f53be68f90c83ca1b0
      Size/MD5 checksum:  1303882 5276fcca2007f2d1a9da912f167da942

  Architecture independent components:
      Size/MD5 checksum:   110140 201592f40c1af63858d3eeaa86199aff

  Alpha architecture:
      Size/MD5 checksum:   183820 5ee322b2a611a805024d111d4f09294b
      Size/MD5 checksum:   471328 af1ab4aa1163476af6934311a17cc20a
      Size/MD5 checksum:   265262 647cc727c44ea8f7b20deae2b92ecde9

  ARM architecture:
      Size/MD5 checksum:   161032 cb49c5d6f69fe2586cdb67635e2389de
      Size/MD5 checksum:   369672 3f62dab704cbcbe4b42ca92f6ee9c8c2
      Size/MD5 checksum:   228732 d7c6e04d352fa685923897c90390124b

  Intel IA-32 architecture:
      Size/MD5 checksum:   161342 764b98a643e95cd6c71c63321558f09b
      Size/MD5 checksum:   327032 73c654db1df353ceba333cb360fd4371
      Size/MD5 checksum:   211340 1121bd3c7c999475e29318d5b51d7893

  Intel IA-64 architecture:
      Size/MD5 checksum:   220844 a76275284742a70e1ef531f116031c41
      Size/MD5 checksum:   521132 a2a818095e2b1269c76d51000e83a94d
      Size/MD5 checksum:   365282 5b2435c82e113857df3f071b3523da9a

  HP Precision architecture:
      Size/MD5 checksum:   181092 840d582a8ccc53b53e8ae2a5386cb581
      Size/MD5 checksum:   459262 0f1d29d73b8e3d4c4f0ac1cfaa9ca75f
      Size/MD5 checksum:   301290 dda8c4920f558bc87db7d49516e1d0a8

  Motorola 680x0 architecture:
      Size/MD5 checksum:   156492 f1c02dc230f2015b44fa828d527d7284
      Size/MD5 checksum:   321408 1d4eccc30bc5b16ec0226c26ff938491
      Size/MD5 checksum:   218960 798d4773c9a416366aee3b8f8a20e96e

  Big endian MIPS architecture:
      Size/MD5 checksum:   158670 48616031e2b54586d474574a15569330
      Size/MD5 checksum:   424980 0824af5b2aea3d06cbc26b74734deabc
      Size/MD5 checksum:   228374 f5b41b3662fc916ca55c33ee73853bde

  Little endian MIPS architecture:
      Size/MD5 checksum:   157646 256efff4ab081d37dc693fc30384c30b
      Size/MD5 checksum:   418884 7fcfe4003100d1d59c51577eb76cbfb9
      Size/MD5 checksum:   226316 c8cd02352947788665d3a8ee341d5975

  PowerPC architecture:
      Size/MD5 checksum:   159592 db5e3e20547b5d8ef7be23424d4b846f
      Size/MD5 checksum:   392412 a6c3956e372ce45f707e42c5fbe831de
      Size/MD5 checksum:   240908 a48a52556fb17012df3d6921982597c5

  IBM S/390 architecture:
      Size/MD5 checksum:   160992 8c619e5d0bfb20ad019a332fd5057202
      Size/MD5 checksum:   350854 7b8292d0fd63d0f6857859db343ddcd0
      Size/MD5 checksum:   243026 8e27d879237c8c194bd3b4e74d80c63f

  Sun Sparc architecture:
      Size/MD5 checksum:   165438 4d2ce3c43769b52723137ad5bf72430a
      Size/MD5 checksum:   369240 76a7721207df6f4b9b9478d2bea4389f
      Size/MD5 checksum:   232952 ae95aec6f4e069ea36f7faf69ec888f7

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.0 (GNU/Linux)



- 漏洞信息 (F31608)

rhsa-2003-264.gtk (PacketStormID:F31608)
2003-09-10 00:00:00

RedHat Security Advisory - New GtkHTML packages have been released that fix a vulnerability discovered by Alan Cox. The problem discovered allowed certain malformed messages to cause the Evolution mail component to crash due to a null pointer dereference in the GtkHTML library.

Updated gtkhtml packages fix vulnerability
   Advisory: RHSA-2003:264-11
   Last updated on: 2003-09-09
   Affected Products: Red Hat Linux 7.3
   Red Hat Linux 8.0
   Red Hat Linux 9
   CVEs ( CAN-2003-0541


   Updated gtkhtml packages that fix a null pointer dereference are now available.

   GtkHTML is the HTML rendering widget used by the Evolution mail reader.
   Versions of GtkHTML prior to 1.1.10 contain a bug when handling HTML
   messages. Alan Cox discovered that certain malformed messages could cause
   the Evolution mail component to crash due to a null pointer dereference in
   the GtkHTML library. The Common Vulnerabilities and Exposures project
   ( has assigned the name CAN-2003-0541 to this issue.
   Users of Evolution are advised to upgrade to these erratum packages, which
   contain GtkHTML version 1.1.10 correcting this issue.
   Red Hat would like to thank the Ximian security team for investigating and
   fixing this issue.

   Updated packages:
   Red Hat Linux 7.3

   [ via FTP ] [ via HTTP ]     ef522c1e68fbfe0f0ca30dd492f92c15

   [ via FTP ] [ via HTTP ]     fd859735eb447b91951f0437d70f80ba
   [ via FTP ] [ via HTTP ]     23fb9ebaa16ce56fa654f0d4b07d4b33

   Red Hat Linux 8.0

   [ via FTP ] [ via HTTP ]     23c388db561ce5501d71e830e54dff12

   [ via FTP ] [ via HTTP ]     fa96b2f741be2eef82b7e92320f8e446
   [ via FTP ] [ via HTTP ]     28cb3e1ae90ff3871c21bcf84e2f29e4

   Red Hat Linux 9

   [ via FTP ] [ via HTTP ]     d4b46f1f6c36d5209e6578ece270e3b6

   [ via FTP ] [ via HTTP ]     a392b6bcca7ae45fe60a2e493236eae4
   [ via FTP ] [ via HTTP ]     b8a1e111dd039723fb01dc1d983e9d73


   Before applying this update, make sure all previously released errata
   relevant to your system have been applied.
   To update all RPMs for your particular architecture, run:
   rpm -Fvh [filenames]
   where [filenames] is a list of the RPMs you wish to upgrade. Only those
   RPMs which are currently installed will be updated. Those RPMs which are
   not installed but included in the list will not be updated. Note that you
   can also use wildcards (*.rpm) if your current directory *only* contains the
   desired RPMs.
   Please note that this update is also available via Red Hat Network. Many
   people find this an easier way to apply updates. To use Red Hat Network,
   launch the Red Hat Update Agent with the following command:
   This will start an interactive process that will result in the appropriate
   RPMs being upgraded on your system.
   If up2date fails to connect to Red Hat Network due to SSL Certificate
   Errors, you need to install a version of the up2date client with an updated
   certificate. The latest version of up2date is available from the Red Hat
   FTP site and may also be downloaded directly from the RHN website:


- 漏洞信息

Evolution GtkHtml Malformed HTML Document DoS
Denial of Service
Loss of Availability

- 漏洞描述

Red Hat has reported a vulnerability in GtkHTML, which can be exploited by malicious people to cause a DoS (Denial of Service) on Evolution.

- 时间线

2003-09-10 Unknow
Unknow Unknow

- 解决方案

Update packages: -- Red Hat Linux 7.3 -- SRPMS: i386: -- Red Hat Linux 8.0 -- SRPMS: i386: -- Red Hat Linux 9 -- SRPMS: i386:

- 相关参考

- 漏洞作者

Unknown or Incomplete