Ubuntu Security Notice 520-1 - Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. Earl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service.
08fdf822b219ed0f0abf8b3431b5a4c1910e9651393d36ef7b66b19ca7021083
Ubuntu Security Notice 469-2 - USN-469-1 fixed vulnerabilities in the Mozilla Thunderbird email client. The updated Thunderbird version broke compatibility with the Enigmail plugin. This update corrects the problem.
8e1b261ceeef6cffcc178f44f558988397050cac9c40d5173daa90ae2fd5c21a
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.4.
2ae6428185a83a199fc21f5a307823d348f3b7c79bcacfa5610dac600f89cfcf
Gentoo Linux Security Advisory GLSA 200706-06 - Mozilla developers fixed several bugs involving memory corruption through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, several errors leading to crash, memory exhaustion or CPU consumption were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and spoofing prevention (CVE-2007-2871) were fixed. Versions less than 2.0.0.4 are affected.
a7d915b8dee1a1dbf0130d00d257b5daf6d8bdba894d7bee66a3e62a661019be
Debian Security Advisory 1305-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
0aa0b2bc037576d5074dbba295a1cec4a714fb97fb3ebabd1ab70e4e8705b623
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.12.
76c642b06bdcff92f2063c63aedf99375f7ca9bdec594e6055084f0462ab6d23
Debian Security Advisory 1300-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.
7fc7a7b6d6952143215e911bdea946407cd298d970de34a748285d388edd4ee5
Ubuntu Security Notice 469-1 - A weakness in APOP authentication has been discovered in Mozilla Thunderbird. Additionally, various flaws were discovered in the layout and JavaScript engines.
6a5b07673c9e18ef70ac98fb87c93a90eab38f92f0d5ba20debaed79ea4449ca
Mandriva Linux Security Advisory - A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials. A flaw in how mutt handled certain characters in gecos fields could lead to a buffer overflow. A local user able to give themselves a carefully crafted Real Name could potentially execute arbitrary code if a victim used mutt to expand the attacker's alias.
6b8cbb2e3edb1a00296f3e4bc93c26ce131049a4ce5778da0a2b2e45ec352ecf
Mandriva Linux Security Advisory - A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.
88a8d83ba018f4e2a3d230e9063e4af99d477841cd6d098e3d92212910df8dcd
Mandriva Linux Security Advisory - The APOP functionality in fetchmail's POP3 client implementation was validating the APOP challenge too lightly, accepting random garbage as a POP3 server's APOP challenge rather than insisting it conform to RFC-822 specifications. As a result of this flaw, man-in-the-middle attacks to retrieve the first few characters of the APOP secret were easier than necessary, potentially allowing attackers to brute force the remaining characters more easily than should be possible.
8cdc70d5729c5675cf32e4e2d8660e221d4d94e509a0e9ae2fb7c330fc5f4e4d
A security vulnerability has been discovered in the APOP protocol that is related to the recent collision attacks by Wang et al. against MD5. In a man-in-the-middle setting, one can recover the first characters of the password with a few hundred authentications from the client.
1fccafc2839ce661bb7e5f89bcf320907774aa2b78dffb56ed7fbb10b9eeb375