CVE-2009-0582
evolution-data-server: insufficient checking of NTLM authentication challenge packets
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
La función ntlm_challenge en el mecanismo de autenticación NTLM SASL de camel/camel-sasl-ntlm.c en Camel en Evolution Data Server (alias evolution-data-server) 2.24.5 y anteriores, and 2.25.92 and earlier 2.25.x , no valida si cierto valor de longitud es coherente con la cantidad de datos almacenados en el paquete del desafío, lo cual permite leer, a los servidores de correo remotos, información de la memoria del proceso de un cliente, o provocar una denegación de servicio (con caida del cliente), a través de una autenticación NTLM autenticación de tipo 2 con un valor de longitud del paquete que supera la cantidad de paquetes de datos.
A wrong handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof its signatures by modifying the latter copy. Crafted authentication challange packets (NT Lan Manager type 2) sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client. Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code. This update provides fixes for those vulnerabilities. evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-02-13 CVE Reserved
- 2009-03-14 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://mail.gnome.org/archives/release-team/2009-March/msg00096.html | Mailing List | |
| http://osvdb.org/52673 | Vdb Entry | |
| http://secunia.com/advisories/34338 | Third Party Advisory | |
| http://secunia.com/advisories/34339 | Third Party Advisory | |
| http://secunia.com/advisories/34348 | Third Party Advisory | |
| http://secunia.com/advisories/34363 | Third Party Advisory | |
| http://secunia.com/advisories/35065 | Third Party Advisory | |
| http://secunia.com/advisories/35357 | Third Party Advisory | |
| http://securitytracker.com/id?1021845 | Vdb Entry | |
| http://www.securityfocus.com/bid/34109 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/0716 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49233 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Evolution-data-server Search vendor "Gnome" for product "Evolution-data-server" | <= 2.24.5 Search vendor "Gnome" for product "Evolution-data-server" and version " <= 2.24.5" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Evolution-data-server Search vendor "Gnome" for product "Evolution-data-server" | 2.25.92 Search vendor "Gnome" for product "Evolution-data-server" and version "2.25.92" | - |
Affected
| ||||||