Oval Definition:oval:org.mitre.oval:def:9782
Revision Date:2013-04-29
Version:12
Title:The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Description:The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2007-1558
Platform(s):CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
    • RHEL3 or CentOS3
      • The operating system installed on the system is Red Hat Enterprise Linux 3
      • OR CentOS Linux 3.x
    • AND Configuration section
      • seamonkey-nspr is earlier than 0:1.0.9-0.1.el3
      • OR seamonkey-js-debugger is earlier than 0:1.0.9-0.1.el3
      • OR seamonkey-nss-devel is earlier than 0:1.0.9-0.1.el3
      • OR seamonkey is earlier than 0:1.0.9-0.1.el3
      • OR seamonkey-nspr-devel is earlier than 0:1.0.9-0.1.el3
      • OR evolution is earlier than 0:1.4.5-20.el3
      • OR seamonkey-mail is earlier than 0:1.0.9-0.1.el3
      • OR fetchmail is earlier than 0:6.2.0-3.el3.4
      • OR mutt is earlier than 5:1.4.1-5.el3
      • OR seamonkey-chat is earlier than 0:1.0.9-0.1.el3
      • OR seamonkey-nss is earlier than 0:1.0.9-0.1.el3
      • OR seamonkey-devel is earlier than 0:1.0.9-0.1.el3
      • OR seamonkey-dom-inspector is earlier than 0:1.0.9-0.1.el3
      • OR evolution-devel is earlier than 0:1.4.5-20.el3
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
    • RHEL4, CentOS4 or Oracle Linux 4
      • The operating system installed on the system is Red Hat Enterprise Linux 4
      • OR CentOS Linux 4.x
      • OR Oracle Linux 4.x
    • AND Configuration section
      • seamonkey-js-debugger is earlier than 0:1.0.9-2.el4
      • OR seamonkey-nss-devel is earlier than 0:1.0.9-2.el4
      • OR irb is earlier than 0:1.8.1-7.el4_8.3
      • OR seamonkey-nss is earlier than 0:1.0.9-2.el4
      • OR devhelp-devel is earlier than 0:0.10-0.8.el4
      • OR ruby-docs is earlier than 0:1.8.1-7.el4_8.3
      • OR ruby-mode is earlier than 0:1.8.1-7.el4_8.3
      • OR seamonkey-nspr is earlier than 0:1.0.9-2.el4
      • OR ruby-devel is earlier than 0:1.8.1-7.el4_8.3
      • OR thunderbird is earlier than 0:1.5.0.12-0.1.el4
      • OR ruby is earlier than 0:1.8.1-7.el4_8.3
      • OR ruby-libs is earlier than 0:1.8.1-7.el4_8.3
      • OR seamonkey is earlier than 0:1.0.9-2.el4
      • OR seamonkey-nspr-devel is earlier than 0:1.0.9-2.el4
      • OR devhelp is earlier than 0:0.10-0.8.el4
      • OR evolution is earlier than 0:2.0.2-35.0.2.el4
      • OR seamonkey-mail is earlier than 0:1.0.9-2.el4
      • OR mutt is earlier than 5:1.4.1-12.0.3.el4
      • OR fetchmail is earlier than 0:6.2.5-6.0.1.el4
      • OR ruby-tcltk is earlier than 0:1.8.1-7.el4_8.3
      • OR seamonkey-chat is earlier than 0:1.0.9-2.el4
      • OR seamonkey-devel is earlier than 0:1.0.9-2.el4
      • OR seamonkey-dom-inspector is earlier than 0:1.0.9-2.el4
      • OR evolution-devel is earlier than 0:2.0.2-35.0.2.el4
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
    • RHEL5, CentOS5 or Oracle Linux 5
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
      • OR Oracle Linux 5.x
    • AND Configuration section
      • ruby-ri is earlier than 0:1.8.5-5.el5_3.7
      • OR ruby-mode is earlier than 0:1.8.5-5.el5_3.7
      • OR ruby-docs is earlier than 0:1.8.5-5.el5_3.7
      • OR ruby-devel is earlier than 0:1.8.5-5.el5_3.7
      • OR thunderbird is earlier than 0:1.5.0.12-1.el5
      • OR ruby is earlier than 0:1.8.5-5.el5_3.7
      • OR ruby-libs is earlier than 0:1.8.5-5.el5_3.7
      • OR evolution-data-server-devel is earlier than 0:1.8.0-15.0.3.el5
      • OR evolution-data-server is earlier than 0:1.8.0-15.0.3.el5
      • OR fetchmail is earlier than 0:6.3.6-1.0.1.el5
      • OR mutt is earlier than 5:1.4.2.2-3.0.2.el5
      • OR ruby-tcltk is earlier than 0:1.8.5-5.el5_3.7
      • OR ruby-rdoc is earlier than 0:1.8.5-5.el5_3.7
      • OR ruby-irb is earlier than 0:1.8.5-5.el5_3.7