Mandrake Linux Security Advisory : evolution (MDKSA-2007:107)

Low Nessus Plugin ID 25266

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.

The updated packages have been patched to prevent this issue.

Solution

Update the affected packages.

Plugin Details

Severity: Low

ID: 25266

File Name: mandrake_MDKSA-2007-107.nasl

Version: 1.13

Type: local

Published: 2007/05/20

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:evolution-data-server, p-cpe:/a:mandriva:linux:lib64camel-provider10, p-cpe:/a:mandriva:linux:lib64camel-provider8, p-cpe:/a:mandriva:linux:lib64camel0, p-cpe:/a:mandriva:linux:lib64camel10, p-cpe:/a:mandriva:linux:lib64ebook9, p-cpe:/a:mandriva:linux:lib64ecal7, p-cpe:/a:mandriva:linux:lib64edata-book2, p-cpe:/a:mandriva:linux:lib64edata-cal6, p-cpe:/a:mandriva:linux:lib64edataserver7, p-cpe:/a:mandriva:linux:lib64edataserver7-devel, p-cpe:/a:mandriva:linux:lib64edataserver9, p-cpe:/a:mandriva:linux:lib64edataserver9-devel, p-cpe:/a:mandriva:linux:lib64edataserverui8, p-cpe:/a:mandriva:linux:lib64egroupwise12, p-cpe:/a:mandriva:linux:lib64egroupwise13, p-cpe:/a:mandriva:linux:lib64exchange-storage2, p-cpe:/a:mandriva:linux:lib64exchange-storage3, p-cpe:/a:mandriva:linux:libcamel-provider10, p-cpe:/a:mandriva:linux:libcamel-provider8, p-cpe:/a:mandriva:linux:libcamel0, p-cpe:/a:mandriva:linux:libcamel10, p-cpe:/a:mandriva:linux:libebook9, p-cpe:/a:mandriva:linux:libecal7, p-cpe:/a:mandriva:linux:libedata-book2, p-cpe:/a:mandriva:linux:libedata-cal6, p-cpe:/a:mandriva:linux:libedataserver7, p-cpe:/a:mandriva:linux:libedataserver7-devel, p-cpe:/a:mandriva:linux:libedataserver9, p-cpe:/a:mandriva:linux:libedataserver9-devel, p-cpe:/a:mandriva:linux:libedataserverui8, p-cpe:/a:mandriva:linux:libegroupwise12, p-cpe:/a:mandriva:linux:libegroupwise13, p-cpe:/a:mandriva:linux:libexchange-storage2, p-cpe:/a:mandriva:linux:libexchange-storage3, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2007/05/19

Reference Information

CVE: CVE-2007-1558

MDKSA: 2007:107