ID de Prueba:	1.3.6.1.4.1.25623.1.0.63649
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:078 (evolution-data-server)
Resumen:	The remote host is missing an update to evolution-data-server;announced via advisory MDVSA-2009:078.
Descripción:	Summary: The remote host is missing an update to evolution-data-server announced via advisory MDVSA-2009:078. Vulnerability Insight: A wrong handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof its signatures by modifying the latter copy (CVE-2009-0547). Crafted authentication challenge packets (NT Lan Manager type 2) sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client (CVE-2009-0582). Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0587). This update provides fixes for those vulnerabilities. Update: evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587. Affected: 2008.0, 2008.1, 2009.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0547 BugTraq ID: 33720 http://www.securityfocus.com/bid/33720 Debian Security Information: DSA-1813 (Google Search) http://www.debian.org/security/2009/dsa-1813 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:078 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 http://openwall.com/lists/oss-security/2009/02/10/7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9619 http://www.redhat.com/support/errata/RHSA-2009-0354.html http://www.redhat.com/support/errata/RHSA-2009-0355.html http://secunia.com/advisories/33848 http://secunia.com/advisories/34338 http://secunia.com/advisories/34339 http://secunia.com/advisories/34363 http://secunia.com/advisories/35357 http://secunia.com/advisories/38915 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html SuSE Security Announcement: SUSE-SR:2010:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://www.vupen.com/english/advisories/2010/1107 Common Vulnerability Exposure (CVE) ID: CVE-2009-0582 1021845 http://securitytracker.com/id?1021845 34109 http://www.securityfocus.com/bid/34109 34286 http://secunia.com/advisories/34286 34338 34339 34348 http://secunia.com/advisories/34348 34363 35065 http://secunia.com/advisories/35065 35357 52673 http://osvdb.org/52673 ADV-2009-0716 http://www.vupen.com/english/advisories/2009/0716 DSA-1813 FEDORA-2009-2784 FEDORA-2009-2792 MDVSA-2009:078 RHSA-2009:0354 RHSA-2009:0355 RHSA-2009:0358 http://www.redhat.com/support/errata/RHSA-2009-0358.html SUSE-SR:2009:010 http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html [release-team] 20090312 Another Evolution-Data-Server freeze break http://mail.gnome.org/archives/release-team/2009-March/msg00096.html evolution-ntlmsasl-info-disclosure(49233) https://exchange.xforce.ibmcloud.com/vulnerabilities/49233 https://bugzilla.redhat.com/show_bug.cgi?id=487685 oval:org.mitre.oval:def:10081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081 Common Vulnerability Exposure (CVE) ID: CVE-2009-0587 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.securityfocus.com/archive/1/501712/100/0/threaded 34100 http://www.securityfocus.com/bid/34100 34351 http://secunia.com/advisories/34351 52702 http://osvdb.org/52702 52703 http://osvdb.org/52703 SUSE-SR:2010:012 USN-733-1 http://www.ubuntu.com/usn/USN-733-1 [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://openwall.com/lists/oss-security/2009/03/12/2 http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff http://www.ocert.org/advisories/ocert-2008-015.html oval:org.mitre.oval:def:11385 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11385
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.