|
|
| |
|
| |
evolution-data-server: multiple vulnerabilities
| Package(s): | evolution-data-server |
CVE #(s): | CVE-2009-0547
CVE-2009-0582
CVE-2009-0587
|
| Created: | March 16, 2009 |
Updated: | May 25, 2010 |
| Description: |
From the Red Hat advisory:
Evolution Data Server did not properly check the Secure/Multipurpose
Internet Mail Extensions (S/MIME) signatures used for public key encryption
and signing of e-mail messages. An attacker could use this flaw to spoof a
signature by modifying the text of the e-mail message displayed to the
user. (CVE-2009-0547)
It was discovered that Evolution Data Server did not properly validate NTLM
(NT LAN Manager) authentication challenge packets. A malicious server using
NTLM authentication could cause an application using Evolution Data Server
to disclose portions of its memory or crash during user authentication.
(CVE-2009-0582)
Multiple integer overflow flaws which could cause heap-based buffer
overflows were found in the Base64 encoding routines used by Evolution Data
Server. This could cause an application using Evolution Data Server to
crash, or, possibly, execute an arbitrary code when large untrusted data
blocks were Base64-encoded. (CVE-2009-0587)
|
| Alerts: |
|
( Log in to post comments)
|
|
|