Vulnerabilities > CVE-2009-0587 - Numeric Errors vulnerability in Go-Evolution Evolution-Data-Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_EVOLUTION-DATA-SERVER-100208.NASL description This update fixes the following vulnerability : evolution considered S/MIME signatures to be valid even for modified mails. (CVE-2009-0547: CVSS v2 Base Score: 5.0) Additionally the following bug has been fixed : - A POP3 server sending overly long lines could crash evolution. last seen 2020-06-01 modified 2020-06-02 plugin id 45036 published 2010-03-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45036 title SuSE 11 Security Update : evolution-data-server (SAT Patch Number 1944) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0358.NASL description Updated evolution packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) An integer overflow flaw which could cause heap-based buffer overflow was found in the Base64 encoding routine used by evolution. This could cause evolution to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 35931 published 2009-03-17 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35931 title CentOS 3 : evolution (CESA-2009:0358) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-733-1.NASL description It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36746 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36746 title Ubuntu 6.06 LTS / 7.10 : evolution-data-server vulnerability (USN-733-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0358.NASL description Updated evolution packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) An integer overflow flaw which could cause heap-based buffer overflow was found in the Base64 encoding routine used by evolution. This could cause evolution to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 35947 published 2009-03-17 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35947 title RHEL 3 : evolution (RHSA-2009:0358) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1813.NASL description Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings. - CVE-2009-0547 Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks. - CVE-2009-0582 It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 39334 published 2009-06-09 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39334 title Debian DSA-1813-1 : evolution-data-server - Several vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0355.NASL description From Red Hat Security Advisory 2009:0355 : Updated evolution and evolution-data-server packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. Evolution Data Server provides a unified back-end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by evolution and evolution-data-server. This could cause evolution, or an application using evolution-data-server, to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution and evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution and evolution-data-server must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67826 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67826 title Oracle Linux 4 : evolution / evolution-data-server (ELSA-2009-0355) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0354.NASL description From Red Hat Security Advisory 2009:0354 : Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution-data-server and evolution28-evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Evolution Data Server and applications using it (such as Evolution) must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67825 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67825 title Oracle Linux 4 / 5 : evolution-data-server (ELSA-2009-0354) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-078.NASL description A wrong handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof its signatures by modifying the latter copy (CVE-2009-0547). Crafted authentication challange packets (NT Lan Manager type 2) sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client (CVE-2009-0582). Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0587). This update provides fixes for those vulnerabilities. Update : evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587. last seen 2020-06-01 modified 2020-06-02 plugin id 37259 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37259 title Mandriva Linux Security Advisory : evolution-data-server (MDVSA-2009:078) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0354.NASL description Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution-data-server and evolution28-evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Evolution Data Server and applications using it (such as Evolution) must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 35945 published 2009-03-17 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35945 title RHEL 4 / 5 : evolution-data-server (RHSA-2009:0354) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0355.NASL description Updated evolution and evolution-data-server packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. Evolution Data Server provides a unified back-end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by evolution and evolution-data-server. This could cause evolution, or an application using evolution-data-server, to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution and evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution and evolution-data-server must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 35946 published 2009-03-17 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35946 title RHEL 4 : evolution and evolution-data-server (RHSA-2009:0355) NASL family Scientific Linux Local Security Checks NASL id SL_20090316_EVOLUTION_AND_EVOLUTION_DATA_SERVER_ON_SL4_X.NASL description Evolution Data Server provides a unified back-end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by evolution and evolution-data-server. This could cause evolution, or an application using evolution-data-server, to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All running instances of evolution and evolution-data-server must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60544 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60544 title Scientific Linux Security Update : evolution and evolution-data-server on SL4.x i386/x86_64 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0354.NASL description Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution-data-server and evolution28-evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Evolution Data Server and applications using it (such as Evolution) must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 38893 published 2009-05-26 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38893 title CentOS 4 : evolution-data-server (CESA-2009:0354) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0355.NASL description Updated evolution and evolution-data-server packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. Evolution Data Server provides a unified back-end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by evolution and evolution-data-server. This could cause evolution, or an application using evolution-data-server, to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution and evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution and evolution-data-server must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 38894 published 2009-05-26 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38894 title CentOS 4 : evolution / evolution-data-server (CESA-2009:0355) NASL family Scientific Linux Local Security Checks NASL id SL_20090316_EVOLUTION_ON_SL3_X.NASL description It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) An integer overflow flaw which could cause heap-based buffer overflow was found in the Base64 encoding routine used by evolution. This could cause evolution to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All running instances of evolution must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60546 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60546 title Scientific Linux Security Update : evolution on SL3.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_EVOLUTION-DATA-SERVER-7029.NASL description The following bugs have been fixed : evolution considered S/MIME signatures to be valid even for modified mails (CVE-2009-0547). specially crafted base64 encoded messages could cause a heap buffer overflow (CVE-2009-0587). A POP3 server sending overly long lines could crash evolution. last seen 2020-06-01 modified 2020-06-02 plugin id 49847 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49847 title SuSE 10 Security Update : evolution-data-server (ZYPP Patch Number 7029) NASL family Scientific Linux Local Security Checks NASL id SL_20090316_EVOLUTION_DATA_SERVER_ON_SL5_X.NASL description Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All running instances of Evolution Data Server and applications using it (such as Evolution) must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60545 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60545 title Scientific Linux Security Update : evolution-data-server on SL5.x i386/x86_64 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0358.NASL description From Red Hat Security Advisory 2009:0358 : Updated evolution packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) An integer overflow flaw which could cause heap-based buffer overflow was found in the Base64 encoding routine used by evolution. This could cause evolution to crash, or, possibly, execute an arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587) All users of evolution are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67827 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67827 title Oracle Linux 3 : evolution (ELSA-2009-0358)
Oval
accepted | 2013-04-29T04:13:42.259-04:00 | ||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||
description | Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. | ||||||||||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:11385 | ||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
title | Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. | ||||||||||||||||||||||||||||||||
version | 28 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 34100 CVE(CAN) ID: CVE-2008-4316,CVE-2009-0586,CVE-2009-0587,CVE-2009-0585 GLib是GTK+和GNOME工程的基础底层核心程序库,是一个综合用途的轻量级的C程序库。 glib库的Base64编码解码函数在处理超长字符串时没有正确地分配内存,在所有情况下都会使用用户提供值所计算出的长度分配堆内存: g_malloc(user_supplied_length * 3 / 4 + some_small_num) 由于算术运算的评估次序,长度在除以4之前首先乘以3,因此用于分配长度的计算参数可能溢出,导致分配不足的区域。 GNOME glib >= 2.12 stable GNOME glib >= 2.11 unstable 厂商补丁: GNOME ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff target=_blank rel=external nofollow>http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff</a> <a href=http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff target=_blank rel=external nofollow>http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff</a> <a href=http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff target=_blank rel=external nofollow>http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff</a> <a href=http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff target=_blank rel=external nofollow>http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff</a> <a href=http://ocert.org/patches/2008-015/libsoup-base64-CVE-2009-0585.diff target=_blank rel=external nofollow>http://ocert.org/patches/2008-015/libsoup-base64-CVE-2009-0585.diff</a> |
id | SSV:4913 |
last seen | 2017-11-19 |
modified | 2009-03-14 |
published | 2009-03-14 |
reporter | Root |
title | GNOME glib Base64编码解码多个整数溢出漏洞 |
References
- http://www.securityfocus.com/bid/34100
- http://openwall.com/lists/oss-security/2009/03/12/2
- http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff
- http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff
- http://www.ocert.org/advisories/ocert-2008-015.html
- http://osvdb.org/52702
- http://osvdb.org/52703
- http://secunia.com/advisories/34339
- http://www.ubuntu.com/usn/USN-733-1
- http://www.redhat.com/support/errata/RHSA-2009-0354.html
- http://secunia.com/advisories/34338
- http://www.redhat.com/support/errata/RHSA-2009-0355.html
- http://secunia.com/advisories/34351
- http://www.redhat.com/support/errata/RHSA-2009-0358.html
- http://secunia.com/advisories/34348
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:078
- http://www.debian.org/security/2009/dsa-1813
- http://secunia.com/advisories/35357
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11385
- http://www.securityfocus.com/archive/1/501712/100/0/threaded