CVE-2009-0582

Loading...

General

Score:5.8/10.0
Severity:Medium
Category:Input Validation Error

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2009-0547, CVE-2009-0587

Published on 14/03/09 - Updated on 29/09/17

Description

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2009-0582
Redhat RHSA-2009:0354
Renater 2009/VULN121

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
gnomeevolution-data-server

Share this vulnerability with:

Twitter Facebook LinkedIn Mail