CVE-2009-0582

Published: 14/03/2009 Updated: 29/09/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.x versions up to and including 2.25.92, does not validate whether a certain length value is consistent with the amount of data in a challenge packet. This allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
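
The missing consistency check, as an added example that is not code from Camel or from any advisory listed here: a parser that refuses a type 2 message whose declared length runs past the received bytes. The summary does not say which field is affected; the target name field of the type 2 layout is assumed for illustration, and t2_copy_target and the sample packet are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian readers that make no alignment assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* signature(8) + type(4) + target name fields(8) + flags(4) + challenge(8) */
#define T2_HEADER_LEN 32u

/* Hypothetical helper (not Camel's API): copy the target name out of a
 * type 2 message. Returns the number of bytes copied, or -1 when the
 * declared length/offset do not fit inside the bytes actually received. */
int t2_copy_target(const uint8_t *pkt, size_t pkt_len, uint8_t *out, size_t out_cap)
{
    if (pkt_len < T2_HEADER_LEN) return -1;               /* truncated header */
    if (memcmp(pkt, "NTLMSSP\0", 8) != 0 || rd32(pkt + 8) != 2) return -1;
    uint16_t len = rd16(pkt + 12);                        /* declared length */
    uint32_t off = rd32(pkt + 16);                        /* declared offset */

    /* Declared extent must lie inside the received data. Subtracting rather
     * than adding avoids integer wrap-around in the comparison. */
    if (off > pkt_len || len > pkt_len - off) return -1;
    if (len > out_cap) return -1;                         /* destination too small */
    memcpy(out, pkt + off, len);
    return (int)len;
}

/* Constructed sample: 32-byte header followed by the 4-byte name "TEST". */
static const uint8_t good_pkt[36] = {
    'N','T','L','M','S','S','P',0,  2,0,0,0,   /* signature, type = 2 */
    4,0,  4,0,  32,0,0,0,                      /* len = 4, maxlen = 4, offset = 32 */
    0,0,0,0,  1,2,3,4,5,6,7,8,                 /* flags, server challenge */
    'T','E','S','T'
};

int main(void)
{
    uint8_t out[64], bad[sizeof good_pkt];
    memcpy(bad, good_pkt, sizeof bad);
    bad[13] = 0x04;                            /* declared len becomes 0x0404 */
    printf("well-formed: %d\n", t2_copy_target(good_pkt, sizeof good_pkt, out, sizeof out));
    printf("oversized length: %d\n", t2_copy_target(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

Without the extent check, the memcpy would read past the end of the received buffer, which is the memory disclosure or crash the summary describes.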

Vulnerable Product

gnome evolution-data-server

gnome evolution-data-server 2.25.92

Vendor Advisories

Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587: It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. CVE-2009-054 ...
Synopsis: Moderate: evolution-data-server security update. Type/Severity: Security Advisory: Moderate. Topic: Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having mo ...
Synopsis: Moderate: evolution security update. Type/Severity: Security Advisory: Moderate. Topic: Updated evolution packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team ...
Synopsis: Moderate: evolution and evolution-data-server security update. Type/Severity: Security Advisory: Moderate. Topic: Updated evolution and evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate securi ...