Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Aug 2009 10:18:16 +0200
From: "Matthias Andree" <matthias.andree@....de>
To: oss-security@...ts.openwall.com
Cc: cve@...re.org
Subject: Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558
 (APOP))

Am 15.08.2009, 11:27 Uhr, schrieb Robert Buchholz <rbu@...too.org>:

> CVE-2007-1558:
>   The APOP protocol allows remote attackers to guess the first 3
>   characters of a password via man-in-the-middle (MITM) attacks that use
>   crafted message IDs and MD5 collisions. NOTE: this design-level issue
>   potentially affects all products that use APOP, including (1)
>   Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution,
>   (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x
>   before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other
>   products.

Greetings,

Could CVE-2007-1558 be updated to mention "fetchmail before and excluding  
6.3.8"?

Thanks.

-- 
Matthias Andree

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ