Date: Sat, 15 Aug 2009 11:27:37 +0200 From: Robert Buchholz <rbu@...too.org> To: oss-security@...ts.openwall.com Subject: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP) CVE-2007-1558: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 188.8.131.52 and 2.x before 184.108.40.206, (2) Evolution, (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other products. Mailfilter 0.8.2 is now out and added the mitigation mutt added a while ago: http://mailfilter.sourceforge.net/NEWS If you need the patch: http://mailfilter.svn.sourceforge.net/viewvc/mailfilter?view=rev&revision=17 Robert [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ