Mandriva Linux Security Advisory : evolution-data-server (MDVSA-2009:078)

High Nessus Plugin ID 37259

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A wrong handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof its signatures by modifying the latter copy (CVE-2009-0547).

Crafted authentication challange packets (NT Lan Manager type 2) sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client (CVE-2009-0582).

Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0587).

This update provides fixes for those vulnerabilities.

Update :

evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 37259

File Name: mandriva_MDVSA-2009-078.nasl

Version: 1.17

Type: local

Published: 2009/04/23

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:evolution-data-server, p-cpe:/a:mandriva:linux:lib64camel-provider10, p-cpe:/a:mandriva:linux:lib64camel-provider11, p-cpe:/a:mandriva:linux:lib64camel10, p-cpe:/a:mandriva:linux:lib64camel11, p-cpe:/a:mandriva:linux:lib64camel14, p-cpe:/a:mandriva:linux:lib64ebackend0, p-cpe:/a:mandriva:linux:lib64ebook9, p-cpe:/a:mandriva:linux:lib64ecal7, p-cpe:/a:mandriva:linux:lib64edata-book2, p-cpe:/a:mandriva:linux:lib64edata-cal6, p-cpe:/a:mandriva:linux:lib64edataserver-devel, p-cpe:/a:mandriva:linux:lib64edataserver11, p-cpe:/a:mandriva:linux:lib64edataserver9, p-cpe:/a:mandriva:linux:lib64edataserverui8, p-cpe:/a:mandriva:linux:lib64egroupwise13, p-cpe:/a:mandriva:linux:lib64exchange-storage3, p-cpe:/a:mandriva:linux:lib64gdata1, p-cpe:/a:mandriva:linux:libcamel-provider10, p-cpe:/a:mandriva:linux:libcamel-provider11, p-cpe:/a:mandriva:linux:libcamel10, p-cpe:/a:mandriva:linux:libcamel11, p-cpe:/a:mandriva:linux:libcamel14, p-cpe:/a:mandriva:linux:libebackend0, p-cpe:/a:mandriva:linux:libebook9, p-cpe:/a:mandriva:linux:libecal7, p-cpe:/a:mandriva:linux:libedata-book2, p-cpe:/a:mandriva:linux:libedata-cal6, p-cpe:/a:mandriva:linux:libedataserver-devel, p-cpe:/a:mandriva:linux:libedataserver11, p-cpe:/a:mandriva:linux:libedataserver9, p-cpe:/a:mandriva:linux:libedataserverui8, p-cpe:/a:mandriva:linux:libegroupwise13, p-cpe:/a:mandriva:linux:libexchange-storage3, p-cpe:/a:mandriva:linux:libgdata1, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1, cpe:/o:mandriva:linux:2009.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/03/23

Reference Information

CVE: CVE-2009-0547, CVE-2009-0582, CVE-2009-0587

BID: 33720, 34100, 34109

MDVSA: 2009:078

CWE: 20, 189, 310