OVAL

DSA-1813-1 evolution-data-server -- Several vulnerabilities

ID: oval:org.secpod.oval:def:600282
Date: (C)2011-05-13   (M)2023-02-20
Class: PATCH
Family: unix




Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0587
It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings.

CVE-2009-0547
Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks.

CVE-2009-0582
It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service.

For the oldstable distribution, these problems have been fixed in version 1.6.3-5etch2.

For the stable distribution, these problems have been fixed in version 2.22.3-1.1+lenny1.

For the testing distribution and the unstable distribution, these problems have been fixed in version 2.26.1.1-1.

We recommend that you upgrade your evolution-data-server packages.

Platform:
Debian 5.0
Debian 4.0
Product:
evolution-data-server
Reference:
DSA-1813-1
CVE-2009-0587
CVE-2009-0547
CVE-2009-0582
CPE:
cpe:/o:debian:debian_linux:4.x
cpe:/o:debian:debian_linux:5.x

© SecPod Technologies