DescriptionEvolution 18.104.22.168 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Novell/SUSE informationNovell Bugzilla entry: 475108 SUSE Security Advisories:
- SUSE-SR:2010:006, published Mon, 15 Mar 2010 11:11:00 +0000
- SUSE-SR:2010:011, published Mon, 10 May 2010 14:00:00 +0000
- SUSE-SR:2010:012, published Tue, 25 May 2010 12:00:00 +0000
- openSUSE-SU-2010:0216-1, published Wed, 5 May 2010 13:08:11 +0200 (CEST)