Date: Tue, 18 Aug 2009 10:18:16 +0200 From: "Matthias Andree" <matthias.andree@....de> To: oss-security@...ts.openwall.com Cc: cve@...re.org Subject: Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)) Am 15.08.2009, 11:27 Uhr, schrieb Robert Buchholz <rbu@...too.org>: > CVE-2007-1558: > The APOP protocol allows remote attackers to guess the first 3 > characters of a password via man-in-the-middle (MITM) attacks that use > crafted message IDs and MD5 collisions. NOTE: this design-level issue > potentially affects all products that use APOP, including (1) > Thunderbird 1.x before 220.127.116.11 and 2.x before 18.104.22.168, (2) Evolution, > (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x > before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other > products. Greetings, Could CVE-2007-1558 be updated to mention "fetchmail before and excluding 6.3.8"? Thanks. -- Matthias Andree
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ