oss-sec mailing list archives
Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))
From: "Matthias Andree" <matthias.andree () gmx de>
Date: Tue, 18 Aug 2009 10:18:16 +0200
On 15.08.2009, 11:27, Robert Buchholz <rbu () gentoo org> wrote:
CVE-2007-1558: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other products.
Greetings,

Could CVE-2007-1558 be updated to mention "fetchmail before and excluding 6.3.8"?

Thanks.

-- Matthias Andree