Date: Tue, 18 Aug 2009 10:18:16 +0200 From: "Matthias Andree" <matthias.andree@....de> To: oss-security@...ts.openwall.com Cc: cve@...re.org Subject: Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)) Am 15.08.2009, 11:27 Uhr, schrieb Robert Buchholz <rbu@...too.org>: > CVE-2007-1558: > The APOP protocol allows remote attackers to guess the first 3 > characters of a password via man-in-the-middle (MITM) attacks that use > crafted message IDs and MD5 collisions. NOTE: this design-level issue > potentially affects all products that use APOP, including (1) > Thunderbird 1.x before 220.127.116.11 and 2.x before 18.104.22.168, (2) Evolution, > (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x > before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other > products. Greetings, Could CVE-2007-1558 be updated to mention "fetchmail before and excluding 6.3.8"? Thanks. -- Matthias Andree
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.