Podatność CVE-2007-1558
Publikacja: 2007-04-16   Modyfikacja: 2012-02-12

Opis:
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Typ:

CWE-Other

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
2.6/10
2.9/10
4.9/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Wysoka
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Brak
Brak
Affected software
Apop protocol -> Apop protocol 

 Referencje:
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://balsa.gnome.org/download.html
http://docs.info.apple.com/article.html?artnum=305530
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://sourceforge.net/forum/forum.php?forum_id=683706
http://sylpheed.sraoss.jp/en/news.html
http://www.claws-mail.org/news.php
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1305
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://www.openwall.com/lists/oss-security/2009/08/18/1
http://www.redhat.com/support/errata/RHSA-2007-0344.html
http://www.redhat.com/support/errata/RHSA-2007-0353.html
http://www.redhat.com/support/errata/RHSA-2007-0385.html
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securityfocus.com/archive/1/464477/30/0/threaded
http://www.securityfocus.com/archive/1/464569/100/0/threaded
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/archive/1/471455/100/0/threaded
http://www.securityfocus.com/archive/1/471720/100/0/threaded
http://www.securityfocus.com/archive/1/471842/100/0/threaded
http://www.securityfocus.com/bid/23257
http://www.securitytracker.com/id?1018008
http://www.ubuntu.com/usn/usn-469-1
http://www.ubuntu.com/usn/usn-520-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1467
http://www.vupen.com/english/advisories/2007/1468
http://www.vupen.com/english/advisories/2007/1480
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/1994
http://www.vupen.com/english/advisories/2007/2788
http://www.vupen.com/english/advisories/2008/0082
https://issues.rpath.com/browse/RPL-1231
https://issues.rpath.com/browse/RPL-1232
https://issues.rpath.com/browse/RPL-1424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
Copyright 2024, cxsecurity.com

 

Back to Top