CVE-2009-0582

EPSS 3.48%
Veröffentlicht 14.03.2009 18:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 26

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnome ≫ Evolution-data-server Version <= 2.24.5

Gnome ≫ Evolution-data-server Version2.25.92

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.48%	0.864

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://secunia.com/advisories/35065

http://secunia.com/advisories/34338

http://secunia.com/advisories/34339

http://secunia.com/advisories/34363

http://secunia.com/advisories/35357

http://www.debian.org/security/2009/dsa-1813

http://www.mandriva.com/security/advisories?name=MDVSA-2009:078

http://www.redhat.com/support/errata/RHSA-2009-0354.html

http://www.redhat.com/support/errata/RHSA-2009-0355.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html