CVE-2009-0582

Published: Mar 14, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

35357: third-party-advisory, x_refsource_SECUNIA
52673: vdb-entry, x_refsource_OSVDB
ADV-2009-0716: vdb-entry, x_refsource_VUPEN
FEDORA-2009-2792: vendor-advisory, x_refsource_FEDORA
34339: third-party-advisory, x_refsource_SECUNIA
RHSA-2009:0358: vendor-advisory, x_refsource_REDHAT
34348: third-party-advisory, x_refsource_SECUNIA
oval:org.mitre.oval:def:10081: vdb-entry, signature, x_refsource_OVAL
34363: third-party-advisory, x_refsource_SECUNIA
1021845: vdb-entry, x_refsource_SECTRACK
35065: third-party-advisory, x_refsource_SECUNIA
34109: vdb-entry, x_refsource_BID
RHSA-2009:0355: vendor-advisory, x_refsource_REDHAT
DSA-1813: vendor-advisory, x_refsource_DEBIAN
SUSE-SR:2009:010: vendor-advisory, x_refsource_SUSE
RHSA-2009:0354: vendor-advisory, x_refsource_REDHAT
34338: third-party-advisory, x_refsource_SECUNIA
FEDORA-2009-2784: vendor-advisory, x_refsource_FEDORA
MDVSA-2009:078: vendor-advisory, x_refsource_MANDRIVA
34286: third-party-advisory, x_refsource_SECUNIA
