262549 – <=gnome-extra/evolution-data-server-{2.24.5,2.25.92} DOS/process memory exposure (CVE-2009-0582)

Bug 262549 - <=gnome-extra/evolution-data-server-{2.24.5,2.25.92} DOS/process memory exposure (CVE-2009-0582)

Summary: <=gnome-extra/evolution-data-server-{2.24.5,2.25.92} DOS/process memory expos...

Status:	RESOLVED DUPLICATE of bug 261203

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B4 [ebuild?]
Keywords:

Depends on:
Blocks:

Reported:	2009-03-15 11:33 UTC by Stefan Behte (RETIRED)
Modified:	2009-03-15 11:40 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-03-15 11:33:55 UTC

CVE-2009-0582 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0582):
  The ntlm_challenge function in the NTLM SASL authentication mechanism
  in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka
  evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier
  2.25.x versions, does not validate whether a certain length value is
  consistent with the amount of data in a challenge packet, which
  allows remote mail servers to read information from the process
  memory of a client, or cause a denial of service (client crash), via
  an NTLM authentication type 2 packet with a length value that exceeds
  the amount of packet data.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-03-15 11:40:14 UTC


*** This bug has been marked as a duplicate of bug 261203 ***