CVE-2009-0582

Published: Mar 14, 2009Modified: Apr 23, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.

Affected (2)

Products: Gnome: Evolution Data Server

1 product

Evolution Data Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnome Evolution Data Server	Up to 2.24.5
Gnome Evolution Data Server	Version 2.25.92

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (46)

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Source: secalert@redhat.com

http://mail.gnome.org/archives/release-team/2009-March/msg00096.html

Source: secalert@redhat.com

http://osvdb.org/52673

Source: secalert@redhat.com

http://secunia.com/advisories/34286

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/34338

Source: secalert@redhat.com

http://secunia.com/advisories/34339

Source: secalert@redhat.com

http://secunia.com/advisories/34348

Source: secalert@redhat.com

http://secunia.com/advisories/34363

Source: secalert@redhat.com

http://secunia.com/advisories/35065

Source: secalert@redhat.com

http://secunia.com/advisories/35357

Source: secalert@redhat.com

http://securitytracker.com/id?1021845

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1813

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:078

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2009-0354.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2009-0355.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2009-0358.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/34109

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0716

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=487685

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/49233

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://mail.gnome.org/archives/release-team/2009-March/msg00096.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/52673

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34286

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34338

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34339

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34348

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34363

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35065

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35357

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1021845

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1813

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:078

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-0354.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-0355.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-0358.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34109

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/0716

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=487685

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/49233

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.