APOP协议不安全MD5无用信息缺陷设计错误漏洞

漏洞信息详情

APOP协议不安全MD5无用信息缺陷设计错误漏洞

• CNNVD编号：CNNVD-200704-273
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2007-1558
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2007-04-16
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2009-09-04
  
• 厂        商：
  
  apop_protocol
• 漏洞来源：
  Gatan LEURENT disc…

APOP协议中存在设计错误漏洞。远程攻击者可借助使用特制消息IDs和MD5冲突的中间人（MITM）攻击，猜测出密码的前三个字符。

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：

Mozilla Thunderbird 1.5.0.5

Mozilla Thunderbird 1.5.0.12 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=linux&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=osx&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=win&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=linux&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=osx&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=win&lang=en-US

Mozilla Thunderbird 1.5.0.8

Mozilla Thunderbird 1.5.0.12 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=linux&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=osx&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=win&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=linux&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=osx&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=win&lang=en-US

Mozilla Thunderbird 0.7.2

Mozilla Thunderbird 1.5.0.12 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=linux&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=osx&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=win&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=linux&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=osx&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=win&lang=en-US

Mozilla Thunderbird 0.7.3

Mozilla Thunderbird 1.5.0.12 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=linux&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=osx&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=win&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=linux&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=osx&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=win&lang=en-US

Mozilla Thunderbird 0.8

Mozilla Thunderbird 1.5.0.12 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=linux&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Mac OS X

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=osx&lang=en-US

Mozilla Thunderbird 1.5.0.12 for Windows

http://www.mozilla.com/products/download.html?product=thunderbird-1.5.

0.12&os=win&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Linux

http://www.mozilla.com/products/download.html?product=thunderbird-2.0.

0.0&os=linux&lang=en-US

Mozilla Thunderbird 2.0.0.4 for Mac OS X

http://www.mozilla.c

来源: TA07-151A

名称: TA07-151A

链接:http://www.us-cert.gov/cas/techalerts/TA07-151A.html

来源: BID

名称: 23257

链接:http://www.securityfocus.com/bid/23257

来源: /www.mozilla.org

链接:http://www.mozilla.org/security/announce/2007/mfsa2007-15.html

来源: VUPEN

名称: ADV-2007-1994

链接:http://www.frsirt.com/english/advisories/2007/1994

来源: VUPEN

名称: ADV-2007-1939

链接:http://www.frsirt.com/english/advisories/2007/1939

来源: VUPEN

名称: ADV-2007-1480

链接:http://www.frsirt.com/english/advisories/2007/1480

来源: VUPEN

名称: ADV-2007-1468

链接:http://www.frsirt.com/english/advisories/2007/1468

来源: VUPEN

名称: ADV-2007-1467

链接:http://www.frsirt.com/english/advisories/2007/1467

来源: VUPEN

名称: ADV-2007-1466

链接:http://www.frsirt.com/english/advisories/2007/1466

来源: DEBIAN

名称: DSA-1305

链接:http://www.debian.org/security/2007/dsa-1305

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-1424

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-1232

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-1231

来源: UBUNTU

名称: USN-520-1

链接:http://www.ubuntu.com/usn/usn-520-1

来源: UBUNTU

名称: USN-469-1

链接:http://www.ubuntu.com/usn/usn-469-1

来源: SECTRACK

名称: 1018008

链接:http://www.securitytracker.com/id?1018008

来源: BUGTRAQ

名称: 20070620 FLEA-2007-0027-1: thunderbird

链接:http://www.securityfocus.com/archive/1/archive/1/471842/100/0/threaded

来源: BUGTRAQ

名称: 20070619 FLEA-2007-0026-1: evolution-data-server

链接:http://www.securityfocus.com/archive/1/archive/1/471720/100/0/threaded

来源: BUGTRAQ

名称: 20070615 rPSA-2007-0122-1 evolution-data-server

链接:http://www.securityfocus.com/archive/1/archive/1/471455/100/0/threaded

来源: BUGTRAQ

名称: 20070531 FLEA-2007-0023-1: firefox

链接:http://www.securityfocus.com/archive/1/archive/1/470172/100/200/threaded

来源: BUGTRAQ

名称: 20070403 Re: APOP vulnerability

链接:http://www.securityfocus.com/archive/1/archive/1/464569/100/0/threaded

来源: BUGTRAQ

名称: 20070402 APOP vulnerability

链接:http://www.securityfocus.com/archive/1/464477/30/0/threaded

来源: REDHAT

名称: RHSA-2009:1140

链接:http://www.redhat.com/support/errata/RHSA-2009-1140.html

来源: REDHAT

名称: RHSA-2007:0402

链接:http://www.redhat.com/support/errata/RHSA-2007-0402.html

来源: REDHAT

名称: RHSA-2007:0401

链接:http://www.redhat.com/support/errata/RHSA-2007-0401.html

来源: REDHAT

名称: RHSA-2007:0386

链接:http://www.redhat.com/support/errata/RHSA-2007-0386.html

来源: REDHAT

名称: RHSA-2007:0385

链接:http://www.redhat.com/support/errata/RHSA-2007-0385.html

来源: REDHAT

名称: RHSA-2007:0353

链接:http://www.redhat.com/support/errata/RHSA-2007-0353.html

来源: REDHAT

名称: RHSA-2007:0344

链接:http://www.redhat.com/support/errata/RHSA-2007-0344.html

来源: MLIST

名称: [oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))

链接:http://www.openwall.com/lists/oss-security/2009/08/18/1

来源: MLIST

名称: [oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)

链接:http://www.openwall.com/lists/oss-security/2009/08/15/1

来源: SUSE

名称: SUSE-SA:2007:036

链接:http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

来源: SUSE

名称: SUSE-SR:2007:014

链接:http://www.novell.com/linux/security/advisories/2007_14_sr.html

来源: MANDRIVA

名称: MDKSA-2007:131

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:131

来源: MANDRIVA

名称: MDKSA-2007:119

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:119

来源: MANDRIVA

名称: MDKSA-2007:113

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:113

来源: MANDRIVA

名称: MDKSA-2007:107

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:107

来源: MANDRIVA

名称: MDKSA-2007:105

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:105

来源: DEBIAN

名称: DSA-1300

链接:http://www.debian.org/security/2007/dsa-1300

来源: www.claws-mail.org

链接:http://www.claws-mail.org/news.php

来源: sylpheed.sraoss.jp

链接:http://sylpheed.sraoss.jp/en/news.html

来源: sourceforge.net