Upstream information
Description
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 2.6 |
Vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
Access Vector | Network |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
- SUSE-SA:2007:036, published Wed, 27 Jun 2007 15:00:00 +0000
- SUSE-SR:2007:014, published Fri, 20 Jul 2007 12:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA fetchmail SUSE Linux Enterprise Server 11 SP1 GA mutt |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA fetchmail SUSE Linux Enterprise Server 11 SP2 GA mutt |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA fetchmail SUSE Linux Enterprise Server 11 SP3 GA mutt |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA fetchmail SUSE Linux Enterprise Server 11 SP4 GA mutt |
SUSE LINUX 10.1 |
| |
Novell Linux Desktop 9 for x86 |
|
core9.s390 core9.x86 YOU Patch Nr: 11551 |
Novell Linux Desktop 9 for x86_64 |
|
core9.s390 core9.x86 YOU Patch Nr: 11551 |
Open Enterprise Server |
|
core9.s390 core9.x86 YOU Patch Nr: 11551 |
SUSE LINUX 10.1 |
| |
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0 |
|
ul1.s390 slrs8.x86 YOU Patch Nr: 11547 |
SUSE LINUX 10.0 |
| |
SUSE LINUX 10.0 |
| |
SUSE LINUX 10.1 |
| |
SUSE LINUX 10.0 |
|