Scientific Linux Security Update : evolution-data-server on SL5.x i386/x86_64

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

Evolution Data Server did not properly check the Secure/Multipurpose
Internet Mail Extensions (S/MIME) signatures used for public key
encryption and signing of e-mail messages. An attacker could use this
flaw to spoof a signature by modifying the text of the e-mail message
displayed to the user. (CVE-2009-0547)

It was discovered that Evolution Data Server did not properly validate
NTLM (NT LAN Manager) authentication challenge packets. A malicious
server using NTLM authentication could cause an application using
Evolution Data Server to disclose portions of its memory or crash
during user authentication. (CVE-2009-0582)

Multiple integer overflow flaws which could cause heap-based buffer
overflows were found in the Base64 encoding routines used by Evolution
Data Server. This could cause an application using Evolution Data
Server to crash, or, possibly, execute an arbitrary code when large
untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All running instances of Evolution Data Server and applications using
it (such as Evolution) must be restarted for the update to take

See also :

Solution :

Update the affected evolution-data-server, evolution-data-server-devel
and / or evolution-data-server-doc packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60545 ()

Bugtraq ID:

CVE ID: CVE-2009-0547

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now