CVE-2009-0582

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:evolution-data-server:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:evolution-data-server:2.25.92:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-03-14 18:30

Updated : 2024-02-04 17:33


NVD link : CVE-2009-0582

Mitre link : CVE-2009-0582

CVE.ORG link : CVE-2009-0582


JSON object : View

Products Affected

gnome

  • evolution-data-server
CWE
CWE-20

Improper Input Validation