Detections
Analytics
Debian DSA-1813-1 : evolution-data-server - Several vulnerabilities
high Nessus Plugin ID 39334
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2009-0587 It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings.
- CVE-2009-0547 Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks.
- CVE-2009-0582 It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service.
Solution
Upgrade the evolution-data-server packages.For the oldstable distribution (etch), these problems have been fixed in version 1.6.3-5etch2.
For the stable distribution (lenny), these problems have been fixed in version 2.22.3-1.1+lenny1.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479
https://security-tracker.debian.org/tracker/CVE-2009-0587
https://security-tracker.debian.org/tracker/CVE-2009-0547
Plugin Details
Severity: High
ID: 39334
File Name: debian_DSA-1813.nasl
Version: 1.14
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 6/9/2009
Updated: 1/4/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:5.0, cpe:/o:debian:debian_linux:4.0, p-cpe:/a:debian:debian_linux:evolution-data-server
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 6/8/2009