Buffer overflow : Evolution Data Server Multiple Integer Overflow Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800254
Categoría:	Buffer overflow
Título:	Evolution Data Server Multiple Integer Overflow Vulnerabilities
Resumen:	Evolution Data Server is prone to multiple integer overflow vulnerabilities.
Descripción:	Summary: Evolution Data Server is prone to multiple integer overflow vulnerabilities. Vulnerability Insight: - bug in Camel library while processing NTLM SASL packets. - bug in glib library while encoding and decoding Base64 data. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes through long string that is converted to a base64 representation and can cause a client crash via NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. Affected Software/OS: Evolution Data Server version 2.24.5 and prior. Evolution Data Server version in range 2.25.x to 2.25.92. Solution: Upgrade to version 2.26 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0582 1021845 http://securitytracker.com/id?1021845 34109 http://www.securityfocus.com/bid/34109 34286 http://secunia.com/advisories/34286 34338 http://secunia.com/advisories/34338 34339 http://secunia.com/advisories/34339 34348 http://secunia.com/advisories/34348 34363 http://secunia.com/advisories/34363 35065 http://secunia.com/advisories/35065 35357 http://secunia.com/advisories/35357 52673 http://osvdb.org/52673 ADV-2009-0716 http://www.vupen.com/english/advisories/2009/0716 DSA-1813 http://www.debian.org/security/2009/dsa-1813 FEDORA-2009-2784 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html FEDORA-2009-2792 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html MDVSA-2009:078 http://www.mandriva.com/security/advisories?name=MDVSA-2009:078 RHSA-2009:0354 http://www.redhat.com/support/errata/RHSA-2009-0354.html RHSA-2009:0355 http://www.redhat.com/support/errata/RHSA-2009-0355.html RHSA-2009:0358 http://www.redhat.com/support/errata/RHSA-2009-0358.html SUSE-SR:2009:010 http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html [release-team] 20090312 Another Evolution-Data-Server freeze break http://mail.gnome.org/archives/release-team/2009-March/msg00096.html evolution-ntlmsasl-info-disclosure(49233) https://exchange.xforce.ibmcloud.com/vulnerabilities/49233 https://bugzilla.redhat.com/show_bug.cgi?id=487685 oval:org.mitre.oval:def:10081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081 Common Vulnerability Exposure (CVE) ID: CVE-2009-0587 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.securityfocus.com/archive/1/501712/100/0/threaded 34100 http://www.securityfocus.com/bid/34100 34351 http://secunia.com/advisories/34351 52702 http://osvdb.org/52702 52703 http://osvdb.org/52703 SUSE-SR:2010:012 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html USN-733-1 http://www.ubuntu.com/usn/USN-733-1 [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://openwall.com/lists/oss-security/2009/03/12/2 http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff http://www.ocert.org/advisories/ocert-2008-015.html oval:org.mitre.oval:def:11385 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11385
Copyright	Copyright (C) 2009 Greenbone AG