pop mail man-in-the-middle attacks [LWN.net]

Package(s):

evolution thunderbird mutt fetchmail

CVE #(s):

CVE-2007-1558

Created:

May 8, 2007

Updated:

August 7, 2007

Description:

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail.

Alerts:

Fedora	FEDORA-2007-1447	2007-08-06
rPath	rPSA-2007-0127-1	2007-06-19
Foresight	FLEA-2007-0026-1	2007-06-18
rPath	rPSA-2007-0122-1	2007-06-14
Red Hat	RHSA-2007:0385-01	2007-06-07
rPath	rPSA-2007-0114-1	2007-06-04
Mandriva	MDKSA-2007:113	2007-06-04
Red Hat	RHSA-2007:0386-01	2007-06-04
Fedora	FEDORA-2007-0001	2007-06-01
Fedora	FEDORA-2007-552	2007-05-31
Fedora	FEDORA-2007-552	2007-05-31
Fedora	FEDORA-2007-552	2007-05-31
Fedora	FEDORA-2007-552	2007-05-31
Fedora	FEDORA-2007-550	2007-05-31
Fedora	FEDORA-2007-551	2007-05-31
Red Hat	RHSA-2007:0401-01	2007-05-30
Fedora	FEDORA-2007-539	2007-05-30
Fedora	FEDORA-2007-540	2007-05-30
Red Hat	RHSA-2007:0344-01	2007-05-30
Mandriva	MDKSA-2007:107	2007-05-19
Mandriva	MDKSA-2007:105	2007-05-17
Red Hat	RHSA-2007:0353-01	2007-05-17
Fedora	FEDORA-2007-484	2007-05-07
Fedora	FEDORA-2007-485	2007-05-07

(Log in to post comments)