CVE-2007-1558
icedove - several vulnerabilities
EPSS 13.4%
Description
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
How to fix CVE-2007-1558
To remediate CVE-2007-1558, upgrade each affected package to the corresponding fixed version listed below.
- upgrade to 2.3.17-1 or later
- upgrade to 2.9.1-1 or later
- upgrade to 6.3.8-1 or later
- upgrade to 1.5.0.12.dfsg1-0etch1 or later
- upgrade to 1.5.0.12.dfsg1-0etch1+lenny1 or later
- upgrade to 0.8.2-1 or later
- upgrade to 1.5.18-6 or later
Is CVE-2007-1558 being exploited?
Moderate — EPSS is 13.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (7)
- from 0, < 2.3.17-1
- from 0, < 2.9.1-1
- from 0, < 6.3.8-1
- from 0, < 1.5.0.12.dfsg1-0etch1
- from 0, < 1.5.0.12.dfsg1-0etch1+lenny1
- from 0, < 0.8.2-1
- from 0, < 1.5.18-6