VDB
CVE-2009-0582
CVE-2009-0582
PUBLISHED
CVSS 5.800000190734863 MEDIUM
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
EPSS 3.43% · 87.7th percentile
Risk Scores
CVSS 2.0
5.800000190734863
EPSS Score
3.43%
87.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| gnome | evolution-data-server | 0, 2.25.92 |
Timeline
- Mar 14, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 35357 third-party-advisory
- 52673 vdb
- ADV-2009-0716 vdb
- FEDORA-2009-2792 vendor-advisory
- 34339 third-party-advisory
- RHSA-2009:0358 vendor-advisory
- 34348 third-party-advisory
- oval:org.mitre.oval:def:10081 vdb
- 34363 third-party-advisory
- [release-team] 20090312 Another Evolution-Data-Server freeze break mailing-list
- 1021845 vdb
- 35065 third-party-advisory
- evolution-ntlmsasl-info-disclosure(49233) vdb
- 34109 vdb
- RHSA-2009:0355 vendor-advisory
- DSA-1813 vendor-advisory
- SUSE-SR:2009:010 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=487685 url
- RHSA-2009:0354 vendor-advisory
- 34338 third-party-advisory
…and 4 more