Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:0358
The remote host is missing updates announced in
advisory RHSA-2009:0358.

Evolution is the integrated collection of e-mail, calendaring, contact
management, communications, and personal information management (PIM) tools
for the GNOME desktop environment.

It was discovered that evolution did not properly validate NTLM (NT LAN
Manager) authentication challenge packets. A malicious server using NTLM
authentication could cause evolution to disclose portions of its memory or
crash during user authentication. (CVE-2009-0582)

An integer overflow flaw which could cause heap-based buffer overflow was
found in the Base64 encoding routine used by evolution. This could cause
evolution to crash, or, possibly, execute an arbitrary code when large
untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All users of evolution are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of evolution must be restarted for the update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0582
BugTraq ID: 34109
Debian Security Information: DSA-1813 (Google Search)
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
XForce ISS Database: evolution-ntlmsasl-info-disclosure(49233)
Common Vulnerability Exposure (CVE) ID: CVE-2009-0587
BugTraq ID: 34100
Bugtraq: 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows (Google Search)
SuSE Security Announcement: SUSE-SR:2010:012 (Google Search)
CopyrightCopyright (c) 2009 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.