This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Evolution Data Server did not properly check the Secure/Multipurpose
Internet Mail Extensions (S/MIME) signatures used for public key
encryption and signing of e-mail messages. An attacker could use this
flaw to spoof a signature by modifying the text of the e-mail message
displayed to the user. (CVE-2009-0547)
It was discovered that Evolution Data Server did not properly validate
NTLM (NT LAN Manager) authentication challenge packets. A malicious
server using NTLM authentication could cause an application using
Evolution Data Server to disclose portions of its memory or crash
during user authentication. (CVE-2009-0582)
Multiple integer overflow flaws which could cause heap-based buffer
overflows were found in the Base64 encoding routines used by Evolution
Data Server. This could cause an application using Evolution Data
Server to crash, or, possibly, execute an arbitrary code when large
untrusted data blocks were Base64-encoded. (CVE-2009-0587)
All running instances of Evolution Data Server and applications using
it (such as Evolution) must be restarted for the update to take
See also :
Update the affected evolution-data-server, evolution-data-server-devel
and / or evolution-data-server-doc packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60545 ()
CVE ID: CVE-2009-0547CVE-2009-0582CVE-2009-0587
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.