
Test ID: 1.3.6.1.4.1.25623.1.0.800254
Category: Buffer overflow
Title: Evolution Data Server Multiple Integer Overflow Vulnerabilities
Summary: This host has Evolution Data Server installed and is prone to multiple integer overflow vulnerabilities.
Description:

Vulnerability Insight:
- A bug in the Camel library while processing NTLM SASL packets.

- A bug in the glib library while encoding and decoding Base64 data.

Vulnerability Impact:
Successful exploitation lets an attacker execute arbitrary code
through a long string that is converted to a Base64 representation, and
can cause a client crash via an NTLM authentication type 2 packet with a
length value that exceeds the amount of packet data.

Affected Software/OS:
Evolution Data Server version 2.24.5 and prior.
Evolution Data Server version in range 2.25.x to 2.25.92.

Solution:
Upgrade to version 2.26 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: BugTraq ID: 34109
BugTraq ID: 34100
Common Vulnerability Exposure (CVE) ID: CVE-2009-0582
http://www.securityfocus.com/bid/34109
Debian Security Information: DSA-1813
http://www.debian.org/security/2009/dsa-1813
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:078
http://mail.gnome.org/archives/release-team/2009-March/msg00096.html
http://osvdb.org/52673
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081
http://www.redhat.com/support/errata/RHSA-2009-0354.html
http://www.redhat.com/support/errata/RHSA-2009-0355.html
http://www.redhat.com/support/errata/RHSA-2009-0358.html
http://securitytracker.com/id?1021845
http://secunia.com/advisories/34286
http://secunia.com/advisories/34338
http://secunia.com/advisories/34339
http://secunia.com/advisories/34348
http://secunia.com/advisories/34363
http://secunia.com/advisories/35065
http://secunia.com/advisories/35357
SuSE Security Announcement: SUSE-SR:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.vupen.com/english/advisories/2009/0716
XForce ISS Database: evolution-ntlmsasl-info-disclosure(49233)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49233
Common Vulnerability Exposure (CVE) ID: CVE-2009-0587
http://www.securityfocus.com/bid/34100
Bugtraq: 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://www.securityfocus.com/archive/1/501712/100/0/threaded
http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff
http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff
http://www.ocert.org/advisories/ocert-2008-015.html
http://openwall.com/lists/oss-security/2009/03/12/2
http://osvdb.org/52702
http://osvdb.org/52703
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11385
http://secunia.com/advisories/34351
SuSE Security Announcement: SUSE-SR:2010:012
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://www.ubuntu.com/usn/USN-733-1
Copyright: Copyright (C) 2009 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.