ID | CVE-2009-0587 |
Summary | Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 13-02-2023 - 02:19) |
Impact: | |
Exploitability: | |
|
CWE | CWE-189 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2013-04-29T04:13:42.259-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. | family | unix | id | oval:org.mitre.oval:def:11385 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. | version | 31 |
|
redhat
via4
|
advisories | bugzilla | id | 488226 | title | CVE-2009-0587 evolution-data-server: integer overflow in base64 encoding functions |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | evolution28-evolution-data-server is earlier than 0:1.8.0-37.el4_7.2 | oval | oval:com.redhat.rhsa:tst:20090354001 |
comment | evolution28-evolution-data-server is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20090354002 |
|
AND | comment | evolution28-evolution-data-server-devel is earlier than 0:1.8.0-37.el4_7.2 | oval | oval:com.redhat.rhsa:tst:20090354003 |
comment | evolution28-evolution-data-server-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20090354004 |
|
|
|
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhba:tst:20070331005 |
OR | AND | comment | evolution-data-server is earlier than 0:1.12.3-10.el5_3.3 | oval | oval:com.redhat.rhsa:tst:20090354006 |
comment | evolution-data-server is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20070344002 |
|
AND | comment | evolution-data-server-devel is earlier than 0:1.12.3-10.el5_3.3 | oval | oval:com.redhat.rhsa:tst:20090354008 |
comment | evolution-data-server-devel is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20070344004 |
|
AND | comment | evolution-data-server-doc is earlier than 0:1.12.3-10.el5_3.3 | oval | oval:com.redhat.rhsa:tst:20090354010 |
comment | evolution-data-server-doc is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20090354011 |
|
|
|
|
| rhsa | id | RHSA-2009:0354 | released | 2009-03-16 | severity | Moderate | title | RHSA-2009:0354: evolution-data-server security update (Moderate) |
|
bugzilla | id | 488226 | title | CVE-2009-0587 evolution-data-server: integer overflow in base64 encoding functions |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | evolution is earlier than 0:2.0.2-41.el4_7.2 | oval | oval:com.redhat.rhsa:tst:20090355001 |
comment | evolution is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20070353002 |
|
AND | comment | evolution-devel is earlier than 0:2.0.2-41.el4_7.2 | oval | oval:com.redhat.rhsa:tst:20090355003 |
comment | evolution-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20070353004 |
|
AND | comment | evolution-data-server is earlier than 0:1.0.2-14.el4_7.1 | oval | oval:com.redhat.rhsa:tst:20090355005 |
comment | evolution-data-server is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20090355006 |
|
AND | comment | evolution-data-server-devel is earlier than 0:1.0.2-14.el4_7.1 | oval | oval:com.redhat.rhsa:tst:20090355007 |
comment | evolution-data-server-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20090355008 |
|
|
|
|
| rhsa | id | RHSA-2009:0355 | released | 2009-03-16 | severity | Moderate | title | RHSA-2009:0355: evolution and evolution-data-server security update (Moderate) |
|
| rpms | - evolution-data-server-0:1.12.3-10.el5_3.3
- evolution-data-server-debuginfo-0:1.12.3-10.el5_3.3
- evolution-data-server-devel-0:1.12.3-10.el5_3.3
- evolution-data-server-doc-0:1.12.3-10.el5_3.3
- evolution28-evolution-data-server-0:1.8.0-37.el4_7.2
- evolution28-evolution-data-server-debuginfo-0:1.8.0-37.el4_7.2
- evolution28-evolution-data-server-devel-0:1.8.0-37.el4_7.2
- evolution-0:2.0.2-41.el4_7.2
- evolution-data-server-0:1.0.2-14.el4_7.1
- evolution-data-server-debuginfo-0:1.0.2-14.el4_7.1
- evolution-data-server-devel-0:1.0.2-14.el4_7.1
- evolution-debuginfo-0:2.0.2-41.el4_7.2
- evolution-devel-0:2.0.2-41.el4_7.2
- evolution-0:1.4.5-25.el3
- evolution-debuginfo-0:1.4.5-25.el3
- evolution-devel-0:1.4.5-25.el3
|
|
refmap
via4
|
bid | 34100 | bugtraq | 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows | debian | DSA-1813 | mandriva | MDVSA-2009:078 | misc | | mlist | [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows | osvdb | | secunia | 34338, 34339, 34348, 34351, 35357 | suse | SUSE-SR:2010:012 | ubuntu | USN-733-1 |
|
Last major update | 13-02-2023 - 02:19 |
Published | 14-03-2009 - 18:30 |
Last modified | 13-02-2023 - 02:19 |