[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558
From: "Matthias Andree" <matthias.andree () gmx ! de>
Date: 2009-08-18 8:18:16
Message-ID: op.uyumoqja1e62zd () balu ! cs ! uni-paderborn ! de
[Download RAW message or body]
Am 15.08.2009, 11:27 Uhr, schrieb Robert Buchholz <rbu@gentoo.org>:
> CVE-2007-1558:
> The APOP protocol allows remote attackers to guess the first 3
> characters of a password via man-in-the-middle (MITM) attacks that use
> crafted message IDs and MD5 collisions. NOTE: this design-level issue
> potentially affects all products that use APOP, including (1)
> Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution,
> (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x
> before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other
> products.
Greetings,
Could CVE-2007-1558 be updated to mention "fetchmail before and excluding
6.3.8"?
Thanks.
--
Matthias Andree
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic