CVE-2007-1558 Information

Description

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

