[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558
From:       "Matthias Andree" <matthias.andree () gmx ! de>
Date:       2009-08-18 8:18:16
Message-ID: op.uyumoqja1e62zd () balu ! cs ! uni-paderborn ! de
[Download RAW message or body]

Am 15.08.2009, 11:27 Uhr, schrieb Robert Buchholz <rbu@gentoo.org>:

> CVE-2007-1558:
>   The APOP protocol allows remote attackers to guess the first 3
>   characters of a password via man-in-the-middle (MITM) attacks that use
>   crafted message IDs and MD5 collisions. NOTE: this design-level issue
>   potentially affects all products that use APOP, including (1)
>   Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution,
>   (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x
>   before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other
>   products.

Greetings,

Could CVE-2007-1558 be updated to mention "fetchmail before and excluding  
6.3.8"?

Thanks.

-- 
Matthias Andree
[prev in list] [next in list] [prev in thread] [next in thread]