CVE-2009-0587
evolution-data-server: integer overflow in base64 encoding functions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision: -
Descriptions
Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.
Incorrect handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof signatures by modifying the second copy of the message. Crafted authentication challenge packets (NT LAN Manager type 2) sent by a malicious remote mail server enable remote attackers either to cause a denial of service or to read information from the client's process memory. Multiple integer overflows in the Base64 encoding functions enable attackers either to cause a denial of service or to execute arbitrary code. This update provides fixes for those vulnerabilities. The evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2009-02-13 CVE Reserved
- 2009-03-12 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (23)
URL | Tag | Source |
---|---|---|
http://osvdb.org/52702 | Vdb Entry | |
http://osvdb.org/52703 | Vdb Entry | |
http://secunia.com/advisories/34338 | Third Party Advisory | |
http://secunia.com/advisories/34339 | Third Party Advisory | |
http://secunia.com/advisories/34348 | Third Party Advisory | |
http://secunia.com/advisories/34351 | Third Party Advisory | |
http://secunia.com/advisories/35357 | Third Party Advisory | |
http://www.ocert.org/advisories/ocert-2008-015.html | X_refsource_misc | |
http://www.securityfocus.com/archive/1/501712/100/0/threaded | Mailing List | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11385 | Signature | |

URL | Date | SRC |
---|---|---|
http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff | 2023-02-13 | |
http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff | 2023-02-13 | |
http://openwall.com/lists/oss-security/2009/03/12/2 | 2023-02-13 | |
http://www.securityfocus.com/bid/34100 | 2023-02-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Go-evolution | Evolution-data-server | <= 2.24.4 | - | Affected |