Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0079

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-0079
Last Modified 29 Apr 2014 07:52:00
Published 28 Apr 2014 10:09:06
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-0079

Summary

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."

Vulnerable Systems

Application

  • Zarafa 5.00

  • Zarafa 5.01

  • Zarafa 5.02

  • Zarafa 5.10

  • Zarafa 5.11

  • Zarafa 5.20

  • Zarafa 5.22

  • Zarafa 6.00

  • Zarafa 6.01

  • Zarafa 6.02

  • Zarafa 6.03

  • Zarafa 6.10

  • Zarafa 6.11

  • Zarafa 6.20

  • Zarafa 7.1.8


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1059903

MANDRIVA - MDVSA-2014:044


Last Updated: 27 May 2016 11:05:06