374 matches found
evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077...
evolution-data-server: integer overflow in base64 encoding functions
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
evolution-data-server: insufficient checking of NTLM authentication challenge packets
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
Moderate: Red Hat Security Advisory: evolution-data-server security update
Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution Data Server provide...
evolution and evolution-data-server security update
evolution: 2.0.2-41.el47.2 - Add patch for RH bug 488439 CVE-2009-0547, S/MIME signatures. 2.0.2-41.el47.1 - Add patch for RH bug 488439 CVE-2009-0582, NTLM authentication. - Add patch for RH bug 488439 CVE-2009-0587, Base64 encoding. evolution-data-server: 1.0.2-14.el47.1 - Add patch for RH bug...
CVE-2009-0587
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
CVE-2009-0587
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
Integer overflow
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
DEBIAN-CVE-2009-0587
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
DEBIAN-CVE-2009-0582
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
CVE-2009-0582
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
Authentication flaw
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
CVE-2009-0582
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
CVE-2009-0587
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
CVE-2009-0587
CVE-2009-0587 is a vulnerability in Evolution Data Server (EDS) and Evolution where multiple integer overflow flaws exist in the Base64 encoding path used by evc (addressbook/libebook/e-vcard.c) and libcamel (camel/camel-mime-utils.c). The issue could allow a context-dependent attacker to cause a...
CVE-2009-0587
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
CVE-2009-0587
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
CVE-2009-0582
CVE-2009-0582 concerns Evolution Data Server’s Evolution/evolution-data-server NTLM authentication. The ntlm_challenge function in Camel’s NTLM SASL implementation does not validate that the length field in an NTLM type 2 challenge is consistent with the packet data, allowing a remote server to c...
CVE-2009-0582
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
CVE-2009-0582
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...