Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 15 Aug 2009 11:27:37 +0200
From: Robert Buchholz <>
Subject: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)

  The APOP protocol allows remote attackers to guess the first 3 
  characters of a password via man-in-the-middle (MITM) attacks that use
  crafted message IDs and MD5 collisions. NOTE: this design-level issue
  potentially affects all products that use APOP, including (1)
  Thunderbird 1.x before and 2.x before, (2) Evolution, 
  (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x 
  before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other 

Mailfilter 0.8.2 is now out and added the mitigation mutt added a while 

If you need the patch:


Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.