CVE-2007-1558 — Fetchmail vulnerability

19 documents8 sources

Severity

2.6LOWNVD

EPSS

13.4%

top 5.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Claws-mail Fetchmail Gnome Balsa +1 more

Timeline

PublishedApr 16

Latest updateMay 3

Description

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possi…

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages4 packages

▶Debianmutt/mutt< 1.5.18-6+3

▶Debiangnome/balsa< 2.3.17-1+3

▶Debianfetchmail/fetchmail< 6.3.8-1+2

▶Debianclaws-mail/claws-mail< 2.9.1-1+3

Patches

Patch: www.debian.org ↗Patch: www.mozilla.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-jmh6-7c53-fg26: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message↗2022-05-03

▶

OSV

CVE-2007-1558: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message↗2007-04-16

▶

CVEList

CVE-2007-1558: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message↗2007-04-16

▶

📋Vendor Advisories

Ubuntu

fetchmail vulnerabilities↗2007-09-26

▶

Ubuntu

Thunderbird vulnerabilities↗2007-06-06

▶

Red Hat

fetchmail/mutt/evolution/...: APOP password disclosure vulnerability↗2007-04-02

▶

Debian

CVE-2007-1558: balsa - The APOP protocol allows remote attackers to guess the first 3 characters of a p...↗2007

▶

💬Community

Bugzilla

CVE-2007-1362 Miltiple Thunderbird flaws (CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2871)↗2007-06-18

▶

Bugzilla

CVE-2007-1362 Miltiple Thunderbird flaws (CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2871)↗2007-05-31

▶

Bugzilla

CVE-2007-1362 Miltiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)↗2007-05-31

▶

Bugzilla

CVE-2007-1362 Miltiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)↗2007-05-29

▶

Bugzilla

CVE-2007-1362 Miltiple Thunderbird flaws (CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2871)↗2007-05-29

▶