CVE-2009-0582: Input Validation
First published: Fri Feb 27 2009(Updated: )
It was discovered that camel's NTLM SASL authentication mechanism did not properly validate server's challenge packets (NTLM authentication type 2 packets, [1]). In the ntlm_challenge() in camel/camel-sasl-ntlm.c, length of the domain string that was copied from type 2 to type 3 packet (client's reply to server's challenge) was not properly validated against the rest of the data received from the server. 127 ntlm_set_string (ret, NTLM_RESPONSE_DOMAIN_OFFSET, 128 token->data + NTLM_CHALLENGE_DOMAIN_OFFSET, 129 atoi (token->data + NTLM_CHALLENGE_DOMAIN_LEN_OFFSET)); Server could specify larger length than the actual data sent in the packet, causing the client to disclose portion of its memory, or crash. Note: length value was not properly extracted from the packet too, as it is not passed as string, rather as 16-bit LE value. [1] <a href="http://curl.haxx.se/rfc/ntlm.html#theType2Message">http://curl.haxx.se/rfc/ntlm.html#theType2Message</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME evolution-data-server | <=2.24.5 | |
| GNOME evolution-data-server | =2.25.92 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://curl.haxx.se/rfc/ntlm.html#theType2Message
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=333473&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=333473&action=edit
- http://mail.gnome.org/archives/release-team/2009-March/msg00096.html
- https://rhn.redhat.com/errata/RHSA-2009-0354.html
- https://rhn.redhat.com/errata/RHSA-2009-0355.html
- https://rhn.redhat.com/errata/RHSA-2009-0358.html
- http://rhn.redhat.com/errata/RHSA-2009-0354.html
- http://rhn.redhat.com/errata/RHSA-2009-0355.html
- http://rhn.redhat.com/errata/RHSA-2009-0358.html
- https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2784
- https://admin.fedoraproject.org/updates/F9/FEDORA-2009-2792
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=501222
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=487685#c29
- https://bugzilla.redhat.com/show_bug.cgi?id=487685
- http://www.securityfocus.com/bid/34109
- http://secunia.com/advisories/34286
- http://securitytracker.com/id?1021845
- http://www.vupen.com/english/advisories/2009/0716
- http://osvdb.org/52673
- http://www.redhat.com/support/errata/RHSA-2009-0358.html
- http://www.redhat.com/support/errata/RHSA-2009-0354.html
- http://secunia.com/advisories/34348
- http://www.redhat.com/support/errata/RHSA-2009-0355.html
- http://secunia.com/advisories/34338
- http://secunia.com/advisories/34339
- http://secunia.com/advisories/34363
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00666.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00672.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:078
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://secunia.com/advisories/35065
- http://www.debian.org/security/2009/dsa-1813
- http://secunia.com/advisories/35357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49233
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10081
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- collector/redhat-bugzilla
- alias/CVE-2009-0582
- vendor/gnome
- canonical/gnome evolution-data-server
- version/gnome evolution-data-server/2.24.5
- version/gnome evolution-data-server/2.25.92