[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)
From: Robert Buchholz <rbu () gentoo ! org>
Date: 2009-08-15 9:27:37
Message-ID: 200908151127.57671.rbu () gentoo ! org
[Download RAW message or body]
CVE-2007-1558:
The APOP protocol allows remote attackers to guess the first 3
characters of a password via man-in-the-middle (MITM) attacks that use
crafted message IDs and MD5 collisions. NOTE: this design-level issue
potentially affects all products that use APOP, including (1)
Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution,
(3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x
before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other
products.
Mailfilter 0.8.2 is now out and added the mitigation mutt added a while
ago: http://mailfilter.sourceforge.net/NEWS
If you need the patch:
http://mailfilter.svn.sourceforge.net/viewvc/mailfilter?view=rev&revision=17
Robert
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic