FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1558

This CVE name corresponds to:

Entered     Topic
2007-04-19  claws-mail -- APOP vulnerability
2007-04-09  fetchmail -- insecure APOP authentication

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2007-1558
Phase  Assigned (20070320)

Description

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

References

Source Reference
BUGTRAQ 20070402 APOP vulnerability
BUGTRAQ 20070403 Re: APOP vulnerability
BUGTRAQ 20070615 rPSA-2007-0122-1 evolution-data-server
BUGTRAQ 20070619 FLEA-2007-0026-1: evolution-data-server
BUGTRAQ 20070531 FLEA-2007-0023-1: firefox
BUGTRAQ 20070620 FLEA-2007-0027-1: thunderbird
MLIST [balsa-list] 20070704 balsa-2.3.17 released
MLIST [oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)
MLIST [oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))
CONFIRM http://docs.info.apple.com/article.html?artnum=305530
CONFIRM http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=683706
CONFIRM http://sylpheed.sraoss.jp/en/news.html
CONFIRM http://www.claws-mail.org/news.php
CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
CONFIRM https://issues.rpath.com/browse/RPL-1424
CONFIRM https://issues.rpath.com/browse/RPL-1232
CONFIRM https://issues.rpath.com/browse/RPL-1231
CONFIRM http://balsa.gnome.org/download.html
APPLE APPLE-SA-2007-05-24
DEBIAN DSA-1300
DEBIAN DSA-1305
GENTOO GLSA-200706-06
HP HPSBUX02153
HP HPSBUX02156
HP SSRT061181
HP SSRT061236
MANDRIVA MDKSA-2007:105
MANDRIVA MDKSA-2007:107
MANDRIVA MDKSA-2007:113
MANDRIVA MDKSA-2007:119
MANDRIVA MDKSA-2007:131
REDHAT RHSA-2007:0353
REDHAT RHSA-2007:0344
REDHAT RHSA-2007:0386
REDHAT RHSA-2007:0385
REDHAT RHSA-2007:0401
REDHAT RHSA-2007:0402
REDHAT RHSA-2009:1140
SGI 20070602-01-P
SLACKWARE SSA:2007-152-02
SUSE SUSE-SA:2007:036
SUSE SUSE-SR:2007:014
TRUSTIX 2007-0019
TRUSTIX 2007-0024
UBUNTU USN-469-1
UBUNTU USN-520-1
CERT TA07-151A
BID 23257
OVAL oval:org.mitre.oval:def:9782
SECUNIA 35699
VUPEN ADV-2007-1466
VUPEN ADV-2007-1467
VUPEN ADV-2007-1468
VUPEN ADV-2007-1480
VUPEN ADV-2007-1939
VUPEN ADV-2007-1994
VUPEN ADV-2007-2788
VUPEN ADV-2008-0082
SECTRACK 1018008
SECUNIA 25353
SECUNIA 25402
SECUNIA 25476
SECUNIA 25529
SECUNIA 25546
SECUNIA 25496
SECUNIA 25559
SECUNIA 25534
SECUNIA 25664
SECUNIA 25750
SECUNIA 25798
SECUNIA 25894
SECUNIA 26083
SECUNIA 26415
SECUNIA 25858