Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Aug 2009 10:18:16 +0200
From: "Matthias Andree" <>
Subject: Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558

Am 15.08.2009, 11:27 Uhr, schrieb Robert Buchholz <>:

> CVE-2007-1558:
>   The APOP protocol allows remote attackers to guess the first 3
>   characters of a password via man-in-the-middle (MITM) attacks that use
>   crafted message IDs and MD5 collisions. NOTE: this design-level issue
>   potentially affects all products that use APOP, including (1)
>   Thunderbird 1.x before and 2.x before, (2) Evolution,
>   (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x
>   before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other
>   products.


Could CVE-2007-1558 be updated to mention "fetchmail before and excluding  


Matthias Andree

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ