Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63582
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:0358
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2009:0358.

Evolution is the integrated collection of e-mail, calendaring, contact
management, communications, and personal information management (PIM) tools
for the GNOME desktop environment.

It was discovered that evolution did not properly validate NTLM (NT LAN
Manager) authentication challenge packets. A malicious server using NTLM
authentication could cause evolution to disclose portions of its memory or
crash during user authentication. (CVE-2009-0582)

An integer overflow flaw which could cause heap-based buffer overflow was
found in the Base64 encoding routine used by evolution. This could cause
evolution to crash, or, possibly, execute an arbitrary code when large
untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All users of evolution are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of evolution must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0358.html
http://www.redhat.com/security/updates/classification/#moderate

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0582
BugTraq ID: 34109
http://www.securityfocus.com/bid/34109
Debian Security Information: DSA-1813 (Google Search)
http://www.debian.org/security/2009/dsa-1813
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:078
http://mail.gnome.org/archives/release-team/2009-March/msg00096.html
http://osvdb.org/52673
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081
http://www.redhat.com/support/errata/RHSA-2009-0354.html
http://www.redhat.com/support/errata/RHSA-2009-0355.html
http://www.redhat.com/support/errata/RHSA-2009-0358.html
http://securitytracker.com/id?1021845
http://secunia.com/advisories/34286
http://secunia.com/advisories/34338
http://secunia.com/advisories/34339
http://secunia.com/advisories/34348
http://secunia.com/advisories/34363
http://secunia.com/advisories/35065
http://secunia.com/advisories/35357
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.vupen.com/english/advisories/2009/0716
XForce ISS Database: evolution-ntlmsasl-info-disclosure(49233)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49233
Common Vulnerability Exposure (CVE) ID: CVE-2009-0587
BugTraq ID: 34100
http://www.securityfocus.com/bid/34100
Bugtraq: 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows (Google Search)
http://www.securityfocus.com/archive/1/501712/100/0/threaded
http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff
http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff
http://www.ocert.org/advisories/ocert-2008-015.html
http://openwall.com/lists/oss-security/2009/03/12/2
http://osvdb.org/52702
http://osvdb.org/52703
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11385
http://secunia.com/advisories/34351
SuSE Security Announcement: SUSE-SR:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://www.ubuntu.com/usn/USN-733-1
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.