Vulnerabilities related to apop_protocol - apop_protocol
Vulnerability from fkie_nvd
Published
2007-04-16 22:19
Modified
2025-04-09 00:30
Summary
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
References
Impacted products
Vendor | Product | Version
---|---|---
apop_protocol | apop_protocol | *
CVE-2007-1558 (GCVE-0-2007-1558)
Vulnerability from cvelistv5
Published
2007-04-16 22:00
Modified
2024-08-07 12:59
Summary
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:59:08.708Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "25496", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25496", }, { name: "25529", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25529", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/forum/forum.php?forum_id=683706", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=305530", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.claws-mail.org/news.php", }, { name: "MDKSA-2007:107", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107", }, { name: "2007-0024", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2007/0024/", }, { name: "20070403 Re: APOP vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/464569/100/0/threaded", }, { name: "25894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25894", }, { name: "20070615 rPSA-2007-0122-1 evolution-data-server", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/471455/100/0/threaded", }, { name: "ADV-2007-1939", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1939", }, { name: "26083", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26083", }, { name: "ADV-2007-1468", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: 
"http://www.vupen.com/english/advisories/2007/1468", }, { name: "RHSA-2009:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "HPSBUX02156", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579", }, { name: "20070531 FLEA-2007-0023-1: firefox", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/470172/100/200/threaded", }, { name: "26415", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26415", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt", }, { name: "[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/08/18/1", }, { name: "APPLE-SA-2007-05-24", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html", }, { name: "SUSE-SR:2007:014", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_14_sr.html", }, { name: "25402", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25402", }, { name: "HPSBUX02153", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { name: "20070402 APOP vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/464477/30/0/threaded", }, { name: "SUSE-SA:2007:036", tags: [ "vendor-advisory", 
"x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html", }, { name: "GLSA-200706-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200706-06.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sylpheed.sraoss.jp/en/news.html", }, { name: "25534", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25534", }, { name: "ADV-2007-1994", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1994", }, { name: "SSA:2007-152-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857", }, { name: "23257", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/23257", }, { name: "USN-469-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-469-1", }, { name: "MDKSA-2007:131", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131", }, { name: "DSA-1305", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1305", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1231", }, { name: "ADV-2007-1467", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1467", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html", }, { name: "ADV-2007-2788", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2788", }, { name: 
"SSRT061236", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1424", }, { name: "25664", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25664", }, { name: "MDKSA-2007:119", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119", }, { name: "25546", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25546", }, { name: "RHSA-2007:0353", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0353.html", }, { name: "RHSA-2007:0385", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0385.html", }, { name: "25858", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25858", }, { name: "25798", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25798", }, { name: "25353", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25353", }, { name: "ADV-2008-0082", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0082", }, { name: "[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/08/15/1", }, { name: "RHSA-2007:0401", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0401.html", }, { name: 
"2007-0019", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2007/0019/", }, { name: "25476", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25476", }, { name: "35699", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35699", }, { name: "MDKSA-2007:113", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113", }, { name: "[balsa-list] 20070704 balsa-2.3.17 released", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html", }, { name: "SSRT061181", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { name: "MDKSA-2007:105", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105", }, { name: "RHSA-2007:0386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0386.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-1232", }, { name: "25750", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25750", }, { name: "20070619 FLEA-2007-0026-1: evolution-data-server", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/471720/100/0/threaded", }, { name: "DSA-1300", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1300", }, { name: "25559", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/25559", }, { name: "ADV-2007-1466", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1466", }, { name: "1018008", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1018008", }, { name: "oval:org.mitre.oval:def:9782", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782", }, { name: "20070602-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc", }, { name: "RHSA-2007:0402", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0402.html", }, { name: "ADV-2007-1480", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1480", }, { name: "USN-520-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-520-1", }, { name: "TA07-151A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-151A.html", }, { name: "RHSA-2007:0344", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0344.html", }, { name: "20070620 FLEA-2007-0027-1: thunderbird", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/471842/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://balsa.gnome.org/download.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-04-02T00:00:00", descriptions: [ { lang: "en", 
value: "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "25496", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25496", }, { name: "25529", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25529", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/forum/forum.php?forum_id=683706", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=305530", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.claws-mail.org/news.php", }, { name: "MDKSA-2007:107", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107", }, { name: "2007-0024", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2007/0024/", }, { name: "20070403 Re: APOP vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/464569/100/0/threaded", }, { name: "25894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25894", }, { name: "20070615 rPSA-2007-0122-1 evolution-data-server", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: 
"http://www.securityfocus.com/archive/1/471455/100/0/threaded", }, { name: "ADV-2007-1939", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1939", }, { name: "26083", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26083", }, { name: "ADV-2007-1468", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1468", }, { name: "RHSA-2009:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "HPSBUX02156", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579", }, { name: "20070531 FLEA-2007-0023-1: firefox", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/470172/100/200/threaded", }, { name: "26415", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26415", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt", }, { name: "[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/08/18/1", }, { name: "APPLE-SA-2007-05-24", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html", }, { name: "SUSE-SR:2007:014", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_14_sr.html", }, { name: "25402", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25402", }, { name: "HPSBUX02153", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { name: "20070402 
APOP vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/464477/30/0/threaded", }, { name: "SUSE-SA:2007:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html", }, { name: "GLSA-200706-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200706-06.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sylpheed.sraoss.jp/en/news.html", }, { name: "25534", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25534", }, { name: "ADV-2007-1994", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1994", }, { name: "SSA:2007-152-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857", }, { name: "23257", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/23257", }, { name: "USN-469-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-469-1", }, { name: "MDKSA-2007:131", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131", }, { name: "DSA-1305", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1305", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1231", }, { name: "ADV-2007-1467", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1467", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html", }, { name: "ADV-2007-2788", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2788", }, { name: "SSRT061236", tags: [ "vendor-advisory", 
"x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1424", }, { name: "25664", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25664", }, { name: "MDKSA-2007:119", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119", }, { name: "25546", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25546", }, { name: "RHSA-2007:0353", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0353.html", }, { name: "RHSA-2007:0385", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0385.html", }, { name: "25858", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25858", }, { name: "25798", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25798", }, { name: "25353", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25353", }, { name: "ADV-2008-0082", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0082", }, { name: "[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/08/15/1", }, { name: "RHSA-2007:0401", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0401.html", }, { name: "2007-0019", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2007/0019/", }, { name: "25476", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25476", }, { name: "35699", tags: 
[ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35699", }, { name: "MDKSA-2007:113", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113", }, { name: "[balsa-list] 20070704 balsa-2.3.17 released", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html", }, { name: "SSRT061181", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { name: "MDKSA-2007:105", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105", }, { name: "RHSA-2007:0386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0386.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-1232", }, { name: "25750", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25750", }, { name: "20070619 FLEA-2007-0026-1: evolution-data-server", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/471720/100/0/threaded", }, { name: "DSA-1300", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1300", }, { name: "25559", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25559", }, { name: "ADV-2007-1466", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1466", }, { name: "1018008", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1018008", }, { name: "oval:org.mitre.oval:def:9782", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782", }, { name: 
"20070602-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc", }, { name: "RHSA-2007:0402", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0402.html", }, { name: "ADV-2007-1480", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1480", }, { name: "USN-520-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-520-1", }, { name: "TA07-151A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-151A.html", }, { name: "RHSA-2007:0344", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0344.html", }, { name: "20070620 FLEA-2007-0027-1: thunderbird", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/471842/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://balsa.gnome.org/download.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1558", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. 
NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "25496", refsource: "SECUNIA", url: "http://secunia.com/advisories/25496", }, { name: "25529", refsource: "SECUNIA", url: "http://secunia.com/advisories/25529", }, { name: "http://sourceforge.net/forum/forum.php?forum_id=683706", refsource: "CONFIRM", url: "http://sourceforge.net/forum/forum.php?forum_id=683706", }, { name: "http://docs.info.apple.com/article.html?artnum=305530", refsource: "CONFIRM", url: "http://docs.info.apple.com/article.html?artnum=305530", }, { name: "http://www.claws-mail.org/news.php", refsource: "CONFIRM", url: "http://www.claws-mail.org/news.php", }, { name: "MDKSA-2007:107", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107", }, { name: "2007-0024", refsource: "TRUSTIX", url: "http://www.trustix.org/errata/2007/0024/", }, { name: "20070403 Re: APOP vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/464569/100/0/threaded", }, { name: "25894", refsource: "SECUNIA", url: "http://secunia.com/advisories/25894", }, { name: "20070615 rPSA-2007-0122-1 evolution-data-server", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/471455/100/0/threaded", }, { name: "ADV-2007-1939", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1939", }, { name: "26083", refsource: "SECUNIA", url: "http://secunia.com/advisories/26083", }, { name: "ADV-2007-1468", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1468", }, { name: "RHSA-2009:1140", 
refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "HPSBUX02156", refsource: "HP", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579", }, { name: "20070531 FLEA-2007-0023-1: firefox", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/470172/100/200/threaded", }, { name: "26415", refsource: "SECUNIA", url: "http://secunia.com/advisories/26415", }, { name: "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt", refsource: "CONFIRM", url: "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt", }, { name: "[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/08/18/1", }, { name: "APPLE-SA-2007-05-24", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html", }, { name: "SUSE-SR:2007:014", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2007_14_sr.html", }, { name: "25402", refsource: "SECUNIA", url: "http://secunia.com/advisories/25402", }, { name: "HPSBUX02153", refsource: "HP", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { name: "20070402 APOP vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/464477/30/0/threaded", }, { name: "SUSE-SA:2007:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html", }, { name: "GLSA-200706-06", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200706-06.xml", }, { name: "http://sylpheed.sraoss.jp/en/news.html", refsource: "CONFIRM", url: "http://sylpheed.sraoss.jp/en/news.html", }, { name: "25534", refsource: "SECUNIA", url: "http://secunia.com/advisories/25534", }, { name: "ADV-2007-1994", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1994", }, { name: "SSA:2007-152-02", refsource: 
"SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857", }, { name: "23257", refsource: "BID", url: "http://www.securityfocus.com/bid/23257", }, { name: "USN-469-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-469-1", }, { name: "MDKSA-2007:131", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131", }, { name: "DSA-1305", refsource: "DEBIAN", url: "http://www.debian.org/security/2007/dsa-1305", }, { name: "https://issues.rpath.com/browse/RPL-1231", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-1231", }, { name: "ADV-2007-1467", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1467", }, { name: "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html", }, { name: "ADV-2007-2788", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/2788", }, { name: "SSRT061236", refsource: "HP", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579", }, { name: "https://issues.rpath.com/browse/RPL-1424", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-1424", }, { name: "25664", refsource: "SECUNIA", url: "http://secunia.com/advisories/25664", }, { name: "MDKSA-2007:119", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119", }, { name: "25546", refsource: "SECUNIA", url: "http://secunia.com/advisories/25546", }, { name: "RHSA-2007:0353", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0353.html", }, { name: "RHSA-2007:0385", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0385.html", }, { name: "25858", refsource: "SECUNIA", url: "http://secunia.com/advisories/25858", }, { name: "25798", refsource: "SECUNIA", url: "http://secunia.com/advisories/25798", }, { name: "25353", 
refsource: "SECUNIA", url: "http://secunia.com/advisories/25353", }, { name: "ADV-2008-0082", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0082", }, { name: "[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/08/15/1", }, { name: "RHSA-2007:0401", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0401.html", }, { name: "2007-0019", refsource: "TRUSTIX", url: "http://www.trustix.org/errata/2007/0019/", }, { name: "25476", refsource: "SECUNIA", url: "http://secunia.com/advisories/25476", }, { name: "35699", refsource: "SECUNIA", url: "http://secunia.com/advisories/35699", }, { name: "MDKSA-2007:113", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113", }, { name: "[balsa-list] 20070704 balsa-2.3.17 released", refsource: "MLIST", url: "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html", }, { name: "SSRT061181", refsource: "HP", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { name: "MDKSA-2007:105", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105", }, { name: "RHSA-2007:0386", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0386.html", }, { name: "https://issues.rpath.com/browse/RPL-1232", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-1232", }, { name: "25750", refsource: "SECUNIA", url: "http://secunia.com/advisories/25750", }, { name: "20070619 FLEA-2007-0026-1: evolution-data-server", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/471720/100/0/threaded", }, { name: "DSA-1300", refsource: "DEBIAN", url: "http://www.debian.org/security/2007/dsa-1300", }, { name: "25559", refsource: "SECUNIA", url: "http://secunia.com/advisories/25559", }, { name: "ADV-2007-1466", refsource: "VUPEN", url: 
"http://www.vupen.com/english/advisories/2007/1466", }, { name: "1018008", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1018008", }, { name: "oval:org.mitre.oval:def:9782", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782", }, { name: "20070602-01-P", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc", }, { name: "RHSA-2007:0402", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0402.html", }, { name: "ADV-2007-1480", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1480", }, { name: "USN-520-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-520-1", }, { name: "TA07-151A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA07-151A.html", }, { name: "RHSA-2007:0344", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0344.html", }, { name: "20070620 FLEA-2007-0027-1: thunderbird", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/471842/100/0/threaded", }, { name: "http://balsa.gnome.org/download.html", refsource: "CONFIRM", url: "http://balsa.gnome.org/download.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1558", datePublished: "2007-04-16T22:00:00", dateReserved: "2007-03-20T00:00:00", dateUpdated: "2024-08-07T12:59:08.708Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }