Message-ID: <op.uyumoqja1e62zd@balu.cs.uni-paderborn.de>
Date: Tue, 18 Aug 2009 10:18:16 +0200
From: "Matthias Andree" <matthias.andree@....de>
To: oss-security@...ts.openwall.com
Cc: cve@...re.org
Subject: Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558
 (APOP))

On 15.08.2009 at 11:27, Robert Buchholz <rbu@...too.org> wrote:

> CVE-2007-1558:
>   The APOP protocol allows remote attackers to guess the first 3
>   characters of a password via man-in-the-middle (MITM) attacks that use
>   crafted message IDs and MD5 collisions. NOTE: this design-level issue
>   potentially affects all products that use APOP, including (1)
>   Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution,
>   (3) mutt, (4) fetchmail, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x
>   before 1.1.2, (6) Balsa 2.3.16 and earlier, and possibly other
>   products.

Greetings,

Could CVE-2007-1558 be updated to mention "fetchmail before and excluding  
6.3.8"?

Thanks.

-- 
Matthias Andree
