Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Aug 2009 10:18:16 +0200
From: "Matthias Andree" <>
Subject: Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558

Am 15.08.2009, 11:27 Uhr, schrieb Robert Buchholz <>:

> CVE-2007-1558:
>   The APOP protocol allows remote attackers to guess the first 3
>   characters of a password via man-in-the-middle (MITM) attacks that use
>   crafted message IDs and MD5 collisions. NOTE: this design-level issue
>   potentially affects all products that use APOP, including (1)
>   Thunderbird 1.x before and 2.x before, (2) Evolution,
>   (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x
>   before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other
>   products.


Could CVE-2007-1558 be updated to mention "fetchmail before and excluding  


Matthias Andree

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.