Published: 14/03/2009 Updated: 13/02/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple integer overflows in Evolution Data Server (aka evolution-data-server) prior to 2.24.5 allow context-dependent malicious users to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.

Vulnerable Product	Search on Vulmon	Subscribe to Product
go-evolution evolution-data-server

It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges ...

Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings CVE-2009-054 ...

Synopsis Moderate: evolution-data-server security update Type/Severity Security Advisory: Moderate Topic Updated evolution-data-server and evolution28-evolution-data-serverpackages that fix multiple security issues are now available for Red HatEnterprise Linux 4 and 5This update has been rated as having mo ...

Synopsis Moderate: evolution security update Type/Severity Security Advisory: Moderate Topic Updated evolution packages that fixes multiple security issues are nowavailable for Red Hat Enterprise Linux 3This update has been rated as having moderate security impact by the RedHat Security Response Team ...

Synopsis Moderate: evolution and evolution-data-server security update Type/Severity Security Advisory: Moderate Topic Updated evolution and evolution-data-server packages that fixes multiplesecurity issues are now available for Red Hat Enterprise Linux 4This update has been rated as having moderate securi ...

CWE-189 http://www.securityfocus.com/bid/34100 http://openwall.com/lists/oss-security/2009/03/12/2 http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff http://www.ocert.org/advisories/ocert-2008-015.html http://osvdb.org/52702 http://osvdb.org/52703 http://secunia.com/advisories/34339 http://www.ubuntu.com/usn/USN-733-1 http://www.redhat.com/support/errata/RHSA-2009-0354.html http://secunia.com/advisories/34338 http://www.redhat.com/support/errata/RHSA-2009-0355.html http://secunia.com/advisories/34351 http://www.redhat.com/support/errata/RHSA-2009-0358.html http://secunia.com/advisories/34348 http://www.mandriva.com/security/advisories?name=MDVSA-2009:078 http://www.debian.org/security/2009/dsa-1813 http://secunia.com/advisories/35357 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11385 http://www.securityfocus.com/archive/1/501712/100/0/threaded https://usn.ubuntu.com/733-1/https://nvd.nist.gov

CVE-2009-0587

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect