CVE-2007-1558
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2007-1558
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-1558.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2007-1558
- Related
- Published
- 2007-04-16T22:19:00Z
- Modified
- 2024-07-31T16:00:20Z
- Summary
- [none]
- Details
-
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
- References
-
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
- http://secunia.com/advisories/25353
- http://secunia.com/advisories/25402
- http://secunia.com/advisories/25476
- http://secunia.com/advisories/25496
- http://secunia.com/advisories/25529
- http://secunia.com/advisories/25534
- http://secunia.com/advisories/25546
- http://secunia.com/advisories/25559
- http://secunia.com/advisories/25664
- http://secunia.com/advisories/25750
- http://secunia.com/advisories/25798
- http://secunia.com/advisories/25858
- http://secunia.com/advisories/25894
- http://secunia.com/advisories/26083
- http://secunia.com/advisories/26415
- http://secunia.com/advisories/35699
- http://security.gentoo.org/glsa/glsa-200706-06.xml
- http://www.debian.org/security/2007/dsa-1300
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
- http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
- http://www.novell.com/linux/security/advisories/2007_14_sr.html
- http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
- http://www.securityfocus.com/archive/1/464477/30/0/threaded
- http://www.ubuntu.com/usn/usn-469-1
- http://www.ubuntu.com/usn/usn-520-1
- http://www.vupen.com/english/advisories/2007/1466
- http://www.vupen.com/english/advisories/2007/1467
- http://www.vupen.com/english/advisories/2007/1468
- http://www.vupen.com/english/advisories/2007/1480
- http://www.vupen.com/english/advisories/2007/1939
- http://www.vupen.com/english/advisories/2007/1994
- http://www.vupen.com/english/advisories/2007/2788
- http://www.vupen.com/english/advisories/2008/0082
- http://www.debian.org/security/2007/dsa-1305
- http://www.securityfocus.com/bid/23257
- http://balsa.gnome.org/download.html
- http://docs.info.apple.com/article.html?artnum=305530
- http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
- http://sourceforge.net/forum/forum.php?forum_id=683706
- http://sylpheed.sraoss.jp/en/news.html
- http://www.claws-mail.org/news.php
- http://www.openwall.com/lists/oss-security/2009/08/15/1
- http://www.openwall.com/lists/oss-security/2009/08/18/1
- http://www.redhat.com/support/errata/RHSA-2007-0344.html
- http://www.redhat.com/support/errata/RHSA-2007-0353.html
- http://www.redhat.com/support/errata/RHSA-2007-0385.html
- http://www.redhat.com/support/errata/RHSA-2007-0386.html
- http://www.redhat.com/support/errata/RHSA-2007-0401.html
- http://www.redhat.com/support/errata/RHSA-2007-0402.html
- http://www.redhat.com/support/errata/RHSA-2009-1140.html
- http://www.securityfocus.com/archive/1/464569/100/0/threaded
- http://www.securityfocus.com/archive/1/470172/100/200/threaded
- http://www.securityfocus.com/archive/1/471455/100/0/threaded
- http://www.securityfocus.com/archive/1/471720/100/0/threaded
- http://www.securityfocus.com/archive/1/471842/100/0/threaded
- http://www.securitytracker.com/id?1018008
- http://www.trustix.org/errata/2007/0019/
- http://www.trustix.org/errata/2007/0024/
- http://www.us-cert.gov/cas/techalerts/TA07-151A.html
- https://issues.rpath.com/browse/RPL-1231
- https://issues.rpath.com/browse/RPL-1232
- https://issues.rpath.com/browse/RPL-1424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
- https://security-tracker.debian.org/tracker/CVE-2007-1558
Affected packages
Debian:11 / balsa
Package
- Name
- balsa
- Purl
- pkg:deb/debian/balsa?arch=source
Debian:12 / balsa
Package
- Name
- balsa
- Purl
- pkg:deb/debian/balsa?arch=source
Debian:11 / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/debian/claws-mail?arch=source
Debian:12 / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/debian/claws-mail?arch=source
Debian:13 / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:deb/debian/claws-mail?arch=source
Debian:11 / fetchmail
Package
- Name
- fetchmail
- Purl
- pkg:deb/debian/fetchmail?arch=source
Debian:12 / fetchmail
Package
- Name
- fetchmail
- Purl
- pkg:deb/debian/fetchmail?arch=source
Debian:13 / fetchmail
Package
- Name
- fetchmail
- Purl
- pkg:deb/debian/fetchmail?arch=source
Debian:11 / mailfilter
Package
- Name
- mailfilter
- Purl
- pkg:deb/debian/mailfilter?arch=source
Debian:12 / mailfilter
Package
- Name
- mailfilter
- Purl
- pkg:deb/debian/mailfilter?arch=source
Debian:13 / mailfilter
Package
- Name
- mailfilter
- Purl
- pkg:deb/debian/mailfilter?arch=source
Debian:11 / mutt
Package
- Name
- mutt
- Purl
- pkg:deb/debian/mutt?arch=source
Debian:12 / mutt
Package
- Name
- mutt
- Purl
- pkg:deb/debian/mutt?arch=source
Debian:13 / mutt
Package
- Name
- mutt
- Purl
- pkg:deb/debian/mutt?arch=source