[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1813-1 evolution-data-server -- Several vulnerabilities

ID: oval:org.secpod.oval:def:600282Date: (C)2011-05-13   (M)2017-10-04
Class: PATCHFamily: unix




Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. CVE-2009-0547 Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. CVE-2009-0582 It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service. For the oldstable distribution , these problems have been fixed in version 1.6.3-5etch2. For the stable distribution , these problems have been fixed in version 2.22.3-1.1+lenny1. For the testing distribution and the unstable distribution , these problems have been fixed in version 2.26.1.1-1. We recommend that you upgrade your evolution-data-server packages.

Platform:
Debian 5.0
Debian 4.0
Product:
evolution-data-server
Reference:
DSA-1813-1
CVE-2009-0587
CVE-2009-0547
CVE-2009-0582
CVE    3
CVE-2009-0547
CVE-2009-0582
CVE-2009-0587

© 2013 SecPod Technologies