CVE-2007-1558

EPSS 13.4%

icedove - several vulnerabilities

發布日:2007/4/16修改日:2026/3/9

也稱為:DSA-1305-1DEBIAN-CVE-2007-1558DEBIAN-CVE-2007-2867DEBIAN-CVE-2007-2868DTSA-46-1

描述

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

受影響套件(7)

Debian/balsafrom 0, < 2.3.17-1
Debian/claws-mailfrom 0, < 2.9.1-1
Debian/fetchmailfrom 0, < 6.3.8-1
Debian/icedovefrom 0, < 1.5.0.12.dfsg1-0etch1
Debian/icedovefrom 0, < 1.5.0.12.dfsg1-0etch1+lenny1
Debian/mailfilterfrom 0, < 0.8.2-1
Debian/muttfrom 0, < 1.5.18-6

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-1558