Lucene search

[email protected]CVE-2007-1558

HistoryApr 16, 2007 - 10:19 p.m.

CVE-2007-1558

2007-04-1622:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-1558

apop protocol

remote attackers

mitm attacks

md5 collisions

thunderbird

evolution

mutt

fetchmail

seamonkey

balsa

mailfilter

6.7 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.063 Low

EPSS

Percentile

93.5%

JSON

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

CPENameOperatorVersion
apop_protocol:apop_protocolapop protocoleq*

CPE	Name	Operator	Version
apop_protocol:apop_protocol	apop protocol	eq	*

References

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

balsa.gnome.org/download.html

docs.info.apple.com/article.html?artnum=305530

fetchmail.berlios.de/fetchmail-SA-2007-01.txt

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

lists.apple.com/archives/security-announce/2007/May/msg00004.html

mail.gnome.org/archives/balsa-list/2007-July/msg00000.html

secunia.com/advisories/25353

secunia.com/advisories/25402

secunia.com/advisories/25476

secunia.com/advisories/25496

secunia.com/advisories/25529

secunia.com/advisories/25534

secunia.com/advisories/25546

secunia.com/advisories/25559

secunia.com/advisories/25664

secunia.com/advisories/25750

secunia.com/advisories/25798

secunia.com/advisories/25858

secunia.com/advisories/25894

secunia.com/advisories/26083

secunia.com/advisories/26415

secunia.com/advisories/35699

security.gentoo.org/glsa/glsa-200706-06.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

sourceforge.net/forum/forum.php?forum_id=683706

sylpheed.sraoss.jp/en/news.html

www.claws-mail.org/news.php

www.debian.org/security/2007/dsa-1300

www.debian.org/security/2007/dsa-1305

www.mandriva.com/security/advisories?name=MDKSA-2007:105

www.mandriva.com/security/advisories?name=MDKSA-2007:107

www.mandriva.com/security/advisories?name=MDKSA-2007:113

www.mandriva.com/security/advisories?name=MDKSA-2007:119

www.mandriva.com/security/advisories?name=MDKSA-2007:131

www.mozilla.org/security/announce/2007/mfsa2007-15.html

www.novell.com/linux/security/advisories/2007_14_sr.html

www.novell.com/linux/security/advisories/2007_36_mozilla.html

www.openwall.com/lists/oss-security/2009/08/15/1

www.openwall.com/lists/oss-security/2009/08/18/1

www.redhat.com/support/errata/RHSA-2007-0344.html

www.redhat.com/support/errata/RHSA-2007-0353.html

www.redhat.com/support/errata/RHSA-2007-0385.html

www.redhat.com/support/errata/RHSA-2007-0386.html

www.redhat.com/support/errata/RHSA-2007-0401.html

www.redhat.com/support/errata/RHSA-2007-0402.html

www.redhat.com/support/errata/RHSA-2009-1140.html

www.securityfocus.com/archive/1/464477/30/0/threaded

www.securityfocus.com/archive/1/464569/100/0/threaded

www.securityfocus.com/archive/1/470172/100/200/threaded

www.securityfocus.com/archive/1/471455/100/0/threaded

www.securityfocus.com/archive/1/471720/100/0/threaded

www.securityfocus.com/archive/1/471842/100/0/threaded

www.securityfocus.com/bid/23257

www.securitytracker.com/id?1018008

www.trustix.org/errata/2007/0019/

www.trustix.org/errata/2007/0024/

www.ubuntu.com/usn/usn-469-1

www.ubuntu.com/usn/usn-520-1

www.us-cert.gov/cas/techalerts/TA07-151A.html

www.vupen.com/english/advisories/2007/1466

www.vupen.com/english/advisories/2007/1467

www.vupen.com/english/advisories/2007/1468

www.vupen.com/english/advisories/2007/1480

www.vupen.com/english/advisories/2007/1939

www.vupen.com/english/advisories/2007/1994

www.vupen.com/english/advisories/2007/2788

www.vupen.com/english/advisories/2008/0082

issues.rpath.com/browse/RPL-1231

issues.rpath.com/browse/RPL-1232

issues.rpath.com/browse/RPL-1424

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782

6.7 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.063 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2007-1558

openvas65 fedora11 nessus59 oraclelinux7 ubuntucve1 freebsd2 redhat7 prion1 centos9 securityvulns2 veracode1 altlinux1 debiancve1 jvn1 mozilla1 ubuntu2 osv2 debian2 gentoo1 suse1 seebug1