Skip to navigation

CVE Database

CVE-2007-1558

Impact: Moderate
Public: 2007-04-02
Bugzilla: 241191: CVE-2007-1558 fetchmail/mutt/evolution/...: APOP password disclosure vulnerability

Details

The MITRE CVE dictionary describes this issue as:

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Find out more about CVE-2007-1558 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 2.6
Base Metrics: AV:N/AC:H/Au:N/C:P/I:N/A:N
Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
RHEL Optional Productivity Applications version 5 (thunderbird) RHSA-2007:0401 May 31, 2007
Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2007:0401 May 31, 2007
Red Hat Enterprise Linux version 2.1 (fetchmail) RHSA-2007:0385 June 07, 2007
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2007:0402 May 31, 2007
Red Hat Enterprise Linux version 3 (evolution) RHSA-2007:0353 May 17, 2007
Red Hat Enterprise Linux version 3 (fetchmail) RHSA-2007:0385 June 07, 2007
Red Hat Enterprise Linux version 3 (mutt) RHSA-2007:0386 June 04, 2007
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2007:0402 May 31, 2007
Red Hat Enterprise Linux version 4 RHSA-2007:0402 May 31, 2007
Red Hat Enterprise Linux version 4 (evolution) RHSA-2007:0353 May 17, 2007
Red Hat Enterprise Linux version 4 (fetchmail) RHSA-2007:0385 June 07, 2007
Red Hat Enterprise Linux version 4 (mutt) RHSA-2007:0386 June 04, 2007
Red Hat Enterprise Linux version 4 (ruby) RHSA-2009:1140 July 02, 2009
Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2007:0401 May 31, 2007
Red Hat Enterprise Linux version 5 (evolution-data-server) RHSA-2007:0344 May 30, 2007
Red Hat Enterprise Linux version 5 (fetchmail) RHSA-2007:0385 June 07, 2007
Red Hat Enterprise Linux version 5 (mutt) RHSA-2007:0386 June 04, 2007
Red Hat Enterprise Linux version 5 (ruby) RHSA-2009:1140 July 02, 2009

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.