Test ID: | 1.3.6.1.4.1.25623.1.0.63582 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:0358 |
Summary: | The remote host is missing updates announced in advisory RHSA-2009:0358. Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) An integer overflow flaw which could cause a heap-based buffer overflow was found in the Base64 encoding routine used by evolution. This could cause evolution to crash or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution must be restarted for the update to take effect. |
Description:

Summary: The remote host is missing updates announced in advisory RHSA-2009:0358.

Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment.

It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)

An integer overflow flaw which could cause a heap-based buffer overflow was found in the Base64 encoding routine used by evolution. This could cause evolution to crash or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All users of evolution are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution must be restarted for the update to take effect.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross Reference:

Common Vulnerability Exposure (CVE) ID: CVE-2009-0582
1021845 http://securitytracker.com/id?1021845
34109 http://www.securityfocus.com/bid/34109
34286 http://secunia.com/advisories/34286
34338 http://secunia.com/advisories/34338
34339 http://secunia.com/advisories/34339
34348 http://secunia.com/advisories/34348
34363 http://secunia.com/advisories/34363
35065 http://secunia.com/advisories/35065
35357 http://secunia.com/advisories/35357
52673 http://osvdb.org/52673
ADV-2009-0716 http://www.vupen.com/english/advisories/2009/0716
DSA-1813 http://www.debian.org/security/2009/dsa-1813
FEDORA-2009-2784 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html
FEDORA-2009-2792 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html
MDVSA-2009:078 http://www.mandriva.com/security/advisories?name=MDVSA-2009:078
RHSA-2009:0354 http://www.redhat.com/support/errata/RHSA-2009-0354.html
RHSA-2009:0355 http://www.redhat.com/support/errata/RHSA-2009-0355.html
RHSA-2009:0358 http://www.redhat.com/support/errata/RHSA-2009-0358.html
SUSE-SR:2009:010 http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
[release-team] 20090312 Another Evolution-Data-Server freeze break http://mail.gnome.org/archives/release-team/2009-March/msg00096.html
evolution-ntlmsasl-info-disclosure(49233) https://exchange.xforce.ibmcloud.com/vulnerabilities/49233
https://bugzilla.redhat.com/show_bug.cgi?id=487685
oval:org.mitre.oval:def:10081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081

Common Vulnerability Exposure (CVE) ID: CVE-2009-0587
20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.securityfocus.com/archive/1/501712/100/0/threaded
34100 http://www.securityfocus.com/bid/34100
34351 http://secunia.com/advisories/34351
52702 http://osvdb.org/52702
52703 http://osvdb.org/52703
SUSE-SR:2010:012 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
USN-733-1 http://www.ubuntu.com/usn/USN-733-1
[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://openwall.com/lists/oss-security/2009/03/12/2
http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff
http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff
http://www.ocert.org/advisories/ocert-2008-015.html
oval:org.mitre.oval:def:11385 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11385
Copyright | Copyright (C) 2009 E-Soft Inc. |