CVE-2007-1558

Source
https://nvd.nist.gov/vuln/detail/CVE-2007-1558
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-1558.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2007-1558
Related
Published
2007-04-16T22:19:00Z
Modified
2024-07-31T16:00:03Z
Summary
[none]
Details

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

References

Affected packages

Debian:11 / balsa

Package

Name
balsa
Purl
pkg:deb/debian/balsa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.17-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / balsa

Package

Name
balsa
Purl
pkg:deb/debian/balsa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.17-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / claws-mail

Package

Name
claws-mail
Purl
pkg:deb/debian/claws-mail?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / claws-mail

Package

Name
claws-mail
Purl
pkg:deb/debian/claws-mail?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / claws-mail

Package

Name
claws-mail
Purl
pkg:deb/debian/claws-mail?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / fetchmail

Package

Name
fetchmail
Purl
pkg:deb/debian/fetchmail?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.3.8-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / fetchmail

Package

Name
fetchmail
Purl
pkg:deb/debian/fetchmail?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.3.8-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / fetchmail

Package

Name
fetchmail
Purl
pkg:deb/debian/fetchmail?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.3.8-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / mailfilter

Package

Name
mailfilter
Purl
pkg:deb/debian/mailfilter?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / mailfilter

Package

Name
mailfilter
Purl
pkg:deb/debian/mailfilter?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / mailfilter

Package

Name
mailfilter
Purl
pkg:deb/debian/mailfilter?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / mutt

Package

Name
mutt
Purl
pkg:deb/debian/mutt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.18-6

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / mutt

Package

Name
mutt
Purl
pkg:deb/debian/mutt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.18-6

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / mutt

Package

Name
mutt
Purl
pkg:deb/debian/mutt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.18-6

Ecosystem specific

{
    "urgency": "unimportant"
}