Oval Definition:oval:org.opensuse.security:def:20090582
Revision Date:2022-05-20Version:1
Title:CVE-2009-0582
Description:

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2009-0582
Mitre CVE-2009-0582
SUSE CVE-2009-0582
SUSE-SR:2009:010
SUSE-SR:2009:010
Platform(s):Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE Linux Enterprise Desktop 11 GA
SUSE Linux Enterprise SDK 11 GA
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 GA
SUSE Linux Enterprise Server for SAP Applications 11
Product(s):
Definition Synopsis
  • Release Information
  • sles9-nld is installed
  • AND
  • evolution-devel less than 2.0.4-0.17
  • OR evolution-pilot less than 2.0.4-0.17
  • OR evolution less than 2.0.4-0.17
  • OR Package Information
  • suse111 is installed
  • AND
  • evolution-data-server-32bit less than 2.24.1.1-5.12.1
  • OR evolution-data-server-devel less than 2.24.1.1-5.12.1
  • OR evolution-data-server-doc less than 2.24.1.1-5.12.1
  • OR evolution-data-server-lang less than 2.24.1.1-5.12.1
  • OR evolution-data-server less than 2.24.1.1-5.12.1
  • OR evolution-devel less than 2.24.1.1-4.14.1
  • OR evolution-lang less than 2.24.1.1-4.14.1
  • OR evolution-mono-providers less than 0.1.1-2.18.1
  • OR evolution-pilot less than 2.24.1.1-4.14.1
  • OR evolution less than 2.24.1.1-4.14.1
  • OR gtkhtml2-devel less than 3.24.1.1-1.17.1
  • OR gtkhtml2-lang less than 3.24.1.1-1.17.1
  • OR gtkhtml2 less than 3.24.1.1-1.17.1
  • OR Package Information
  • suse110 is installed
  • AND
  • evolution-data-server-32bit less than 2.22.1.1-11.4
  • OR evolution-data-server-64bit less than 2.22.1.1-11.4
  • OR evolution-data-server-devel less than 2.22.1.1-11.4
  • OR evolution-data-server-doc less than 2.22.1.1-11.4
  • OR evolution-data-server less than 2.22.1.1-11.4
  • OR Package Information
  • sle11-sdk is installed
  • evolution-data-server-devel less than 2.24.1.1-11.8.1
  • OR evolution-devel less than 2.24.1.1-15.8.4
  • OR evolution-lang less than 2.24.1.1-15.8.4
  • OR evolution less than 2.24.1.1-15.8.4
  • OR gtkhtml2-devel less than 3.24.1.1-3.23.2
  • OR
  • sled11 is installed
  • evolution-data-server-32bit less than 2.24.1.1-11.8.1
  • OR evolution-data-server-lang less than 2.24.1.1-11.8.1
  • OR evolution-data-server less than 2.24.1.1-11.8.1
  • OR evolution-lang less than 2.24.1.1-15.8.4
  • OR evolution-pilot less than 2.24.1.1-15.8.4
  • OR evolution less than 2.24.1.1-15.8.4
  • OR gtkhtml2-lang less than 3.24.1.1-3.23.2
  • OR gtkhtml2 less than 3.24.1.1-3.23.2
  • OR
  • sles11 is installed
  • evolution-data-server-32bit less than 2.24.1.1-11.8.1
  • OR evolution-data-server-lang less than 2.24.1.1-11.8.1
  • OR evolution-data-server-x86 less than 2.24.1.1-11.8.1
  • OR evolution-data-server less than 2.24.1.1-11.8.1
  • OR gtkhtml2-lang less than 3.24.1.1-3.23.2
  • OR gtkhtml2 less than 3.24.1.1-3.23.2
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 is installed
  • AND Package Information
  • evolution-data-server-2.24.1.1-11.8 is installed
  • OR evolution-data-server-32bit-2.24.1.1-11.8 is installed
  • OR evolution-data-server-lang-2.24.1.1-11.8 is installed
  • OR evolution-data-server-x86-2.24.1.1-11.8 is installed
  • OR gtkhtml2-3.24.1.1-3.23 is installed
  • OR gtkhtml2-lang-3.24.1.1-3.23 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 is installed
  • AND Package Information
  • evolution-data-server-2.24.1.1-11.8.1 is installed
  • OR evolution-data-server-32bit-2.24.1.1-11.8.1 is installed
  • OR evolution-data-server-lang-2.24.1.1-11.8.1 is installed
  • OR evolution-data-server-x86-2.24.1.1-11.8.1 is installed
  • OR gtkhtml2-3.24.1.1-3.23.2 is installed
  • OR gtkhtml2-lang-3.24.1.1-3.23.2 is installed
    • BACK