Rapid7 Vulnerability & Exploit Database

ELSA-2007-0385 Moderate: Enterprise Release 4 fetchmail security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2007-0385 Moderate: Enterprise Release 4 fetchmail security update

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published

04/16/2007

Created

07/25/2018

Added

12/20/2011

Modified

07/04/2017

Description

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Solution(s)

oracle-linux-upgrade-fetchmail

References

https://attackerkb.com/topics/cve-2007-1558
APPLE-SA-2007-05-24
23257
TA07-151A
CVE - 2007-1558
DSA-1300
DSA-1305
OVAL9782
RHSA-2007:0344
RHSA-2007:0353
RHSA-2007:0385
RHSA-2007:0386
RHSA-2007:0401
RHSA-2007:0402
RHSA-2009:1140
20070602-01-P
SUSE-SA:2007:036
http://oss.oracle.com/pipermail/el-errata/2007-June/000169.html
http://oss.oracle.com/pipermail/el-errata/2007-June/000170.html
http://oss.oracle.com/pipermail/el-errata/2007-June/000215.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;