Vulnerability Name:

CVE-2009-0582 (CCN-49233)

Assigned:2009-03-12
Published:2009-03-12
Updated:2017-09-29
Summary:The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
4.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2009-0582

Source: CCN
Type: Freshmeat.net
Evolution Data Server - Default branch

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:010

Source: CCN
Type: release-team Mailing List, Thu, 12 Mar 2009 10:35:32 -0400
Another Evolution-Data-Server freeze break

Source: MLIST
Type: UNKNOWN
[release-team] 20090312 Another Evolution-Data-Server freeze break

Source: OSVDB
Type: UNKNOWN
52673

Source: CCN
Type: RHSA-2009-0354
Moderate: evolution-data-server security update

Source: CCN
Type: RHSA-2009-0355
Moderate: evolution and evolution-data-server security update

Source: CCN
Type: RHSA-2009-0358
Moderate: evolution security update

Source: CCN
Type: SA34286
Evolution Camel NTLM SASL Implementation Information Disclosure

Source: SECUNIA
Type: Vendor Advisory
34286

Source: CCN
Type: SA34338
Red Hat update for evolution-data-server

Source: SECUNIA
Type: UNKNOWN
34338

Source: CCN
Type: SA34339
Red Hat update for evolution and evolution-data-server

Source: SECUNIA
Type: UNKNOWN
34339

Source: CCN
Type: SA34348
Red Hat update for evolution

Source: SECUNIA
Type: UNKNOWN
34348

Source: SECUNIA
Type: UNKNOWN
34363

Source: SECUNIA
Type: UNKNOWN
35065

Source: CCN
Type: SA35357
Debian update for evolution-data-server

Source: SECUNIA
Type: UNKNOWN
35357

Source: CCN
Type: SECTRACK ID: 1021845
Evolution Camel NTLM SASL Processing Bug Lets Remote Users Obtain Potentially Sensitive Information

Source: SECTRACK
Type: UNKNOWN
1021845

Source: CCN
Type: ASA-2009-085
evolution security update (RHSA-2009-0358)

Source: CCN
Type: ASA-2009-086
evolution-data-server security update (RHSA-2009-0354)

Source: CCN
Type: ASA-2009-087
evolution and evolution-data-server security update (RHSA-2009-0355)

Source: DEBIAN
Type: UNKNOWN
DSA-1813

Source: DEBIAN
Type: DSA-1813
evolution-data-server -- Several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:078

Source: CCN
Type: OSVDB ID: 52673
Evolution Data Server Camel camel/camel-sasl-ntlm.c ntlm_challenge Function Type 2 Packet Handling Memory Disclosure

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0354

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0355

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0358

Source: BID
Type: UNKNOWN
34109

Source: CCN
Type: BID-34109
Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2009-0716

Source: CCN
Type: Red Hat Bugzilla Bug 487685
CVE-2009-0582 evolution-data-server: insufficient checking of NTLM authentication challenge packets

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=487685

Source: XF
Type: UNKNOWN
evolution-ntlmsasl-info-disclosure(49233)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10081

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-2784

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-2792

Source: SUSE
Type: SUSE-SR:2009:010
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:gnome:evolution-data-server:*:*:*:*:*:*:*:* (Version <= 2.24.5)
  • OR cpe:/a:gnome:evolution-data-server:2.25.92:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20090582 | V | CVE-2009-0582 | 2022-05-20
oval:org.opensuse.security:def:32160 | P | Security update for djvulibre (Important) | 2021-08-05
oval:org.opensuse.security:def:29388 | P | Security update for ovmf (Important) | 2021-06-22
oval:org.opensuse.security:def:29352 | P | Security update for libnettle (Important) | 2021-04-28
oval:org.opensuse.security:def:32253 | P | Security update for python (Important) | 2021-02-11
oval:org.opensuse.security:def:28220 | P | Security update for libsamplerate (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31941 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:32658 | P | evolution-data-server on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28361 | P | Security update for postgresql94 (Important) | 2020-12-01
oval:org.opensuse.security:def:32026 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27930 | P | Security update for GraphicsMagick (Low) | 2020-12-01
oval:org.opensuse.security:def:32719 | P | libneon27 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28566 | P | Security update for Linux kernel | 2020-12-01
oval:org.opensuse.security:def:27942 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33401 | P | Security update for Salt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28654 | P | Security update for dhcp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32397 | P | Security update for unzip (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28136 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31940 | P | Recommended update for glibc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28714 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:32609 | P | tar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28277 | P | Security update for mysql (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31952 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:32697 | P | kvm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28513 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:27931 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32763 | P | pam_ldap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28615 | P | Security update for xorg-x11-libX11 | 2020-12-01
oval:org.opensuse.security:def:32310 | P | Security update for quagga (Low) | 2020-12-01
oval:org.opensuse.security:def:28006 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33440 | P | Security update for Evolution | 2020-12-01
oval:org.opensuse.security:def:28670 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:32553 | P | libicu-32bit on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:28741 | P | RHSA-2009:0354 -- evolution-data-server security update (Moderate) | 2015-08-17
oval:org.mitre.oval:def:13406 | P | DSA-1813-2 evolution-data-server -- Several vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:8011 | P | DSA-1813 evolution-data-server -- Several vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:12702 | P | DSA-1813-1 evolution-data-server -- Several vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:21826 | P | ELSA-2009:0354: evolution-data-server security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:10081 | V | The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | 2013-04-29
oval:org.debian:def:1813 | V | Several vulnerabilities | 2009-06-08
oval:com.redhat.rhsa:def:20090354 | P | RHSA-2009:0354: evolution-data-server security update (Moderate) | 2009-03-16
oval:com.redhat.rhsa:def:20090355 | P | RHSA-2009:0355: evolution and evolution-data-server security update (Moderate) | 2009-03-16
oval:com.redhat.rhsa:def:20090358 | P | RHSA-2009:0358: evolution security update (Moderate) | 2009-03-16
    gnome evolution-data-server *
    gnome evolution-data-server 2.25.92