Evolution Data Server Multiple Integer Overflow Vulnerabilities
Summary:
Check for the version of Evolution Data Server
Description:
Overview: This host is installed with Evolution Data Server and is prone to multiple integer overflow vulnerabilities.
Vulnerability Insight:
- A bug in the Camel library while processing NTLM SASL packets.
- A bug in the glib library while encoding and decoding Base64 data.
Impact: Successful exploitation will let the attacker execute arbitrary code through a long string that is converted to a base64 representation, and can cause a client crash via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
Affected Software/OS:
- Evolution Data Server version 2.24.5 and prior.
- Evolution Data Server versions in the range 2.25.x to 2.25.92.
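The NTLM crash described under Impact comes from trusting a length field supplied by the peer. The following is an added example, not code from Evolution Data Server or Camel, showing how a client can validate the target-name length and offset of a type 2 message against the bytes actually received. The function names and the sample packet are constructed for illustration; the field offsets follow the standard NTLM type 2 layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian reads that make no alignment assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

#define NTLM_T2_MIN_LEN 32u /* signature, type, target-name buffer, flags, challenge */

/* Hypothetical helper: returns 0 and sets *name / *name_len only when the
 * target-name field lies entirely inside the bytes actually received. */
int ntlm_type2_target_name(const uint8_t *pkt, size_t pkt_len,
                           const uint8_t **name, size_t *name_len)
{
    if (pkt == NULL || pkt_len < NTLM_T2_MIN_LEN) return -1;
    if (memcmp(pkt, "NTLMSSP\0", 8) != 0 || rd32(pkt + 8) != 2) return -1;

    size_t len = rd16(pkt + 12); /* length claimed by the peer */
    size_t off = rd32(pkt + 16); /* offset claimed by the peer */

    /* Subtract instead of adding off + len, so the check itself cannot wrap. */
    if (off > pkt_len || len > pkt_len - off) return -1;

    *name = pkt + off;
    *name_len = len;
    return 0;
}

/* Constructed sample: 32-byte header followed by the 4-byte name "TEST".
 * claimed_len is written into the length field regardless of the real size. */
int check_sample(uint16_t claimed_len)
{
    uint8_t pkt[36] = { 'N','T','L','M','S','S','P',0, 2,0,0,0 };
    const uint8_t *name = NULL;
    size_t name_len = 0;

    pkt[12] = (uint8_t)(claimed_len & 0xff);
    pkt[13] = (uint8_t)(claimed_len >> 8);
    pkt[16] = 32; /* offset of the name payload */
    memcpy(pkt + 32, "TEST", 4);
    if (ntlm_type2_target_name(pkt, sizeof pkt, &name, &name_len) != 0) return -1;
    return (int)name_len;
}
```

A claimed length that matches the payload is accepted; any length that runs past the end of the packet is rejected before the field is read.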