|Title||evolution-data-server security update|
|Name||RHSA-2007:0344||First vendor Publication||2007-05-30|
|Vendor||RedHat||Last vendor Modification||2007-05-30|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)|
|Cvss Base Score||2.6||Attack Range||Network|
|Cvss Impact Score||2.9||Attack Complexity||High|
|Cvss Expoit Score||4.9||Authentification||None Required|
|Calculate full CVSS 2.0 Vectors scores|
Updated evolution-data-server package that fixes a security bug are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
The evolution-data-server package provides a unified backend for programs
that work with contacts, tasks, and calendar information.
A flaw was found in the way evolution-data-server processed certain APOP
authentication requests. By sending certain responses when
evolution-data-server attempted to authenticate against an APOP server, a
remote attacker could potentially acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)
All users of evolution-data-server should upgrade to these updated
packages, which contain a backported patch which resolves this issue.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
235289 - CVE-2007-1558 Evolution APOP information disclosure
|Url : https://rhn.redhat.com/errata/RHSA-2007-0344.html|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
|34856||APOP Protocol MiTM Crafted IDs/MD5 Collision Cleartext Password Fragment Disc...|