Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2009-0582
Description:The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
Test IDs:  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-0582
BugTraq ID: 34109
Debian Security Information: DSA-1813 (Google Search)
RedHat Security Advisories: RHSA-2009:0354
RedHat Security Advisories: RHSA-2009:0355
RedHat Security Advisories: RHSA-2009:0358
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
XForce ISS Database: evolution-ntlmsasl-info-disclosure(49233)

© 1998-2021 E-Soft Inc. All rights reserved.