Bug 241191 (CVE-2007-1558)

Summary: CVE-2007-1558 fetchmail/mutt/evolution/...: APOP password disclosure vulnerability
Product: [Other] Security Response Reporter: Mark J. Cox <mjc>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jrusnack, kreilly
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-08 17:49:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 235289, 238565, 241194, 241196, 241197, 241198, 241199, 241200, 241201, 241202, 505085, 505086, 505087, 505088, 838048    
Bug Blocks:    
Attachments:
Description Flags
Local copy of Gaëtan Leurent's paper none

Description Mark J. Cox 2007-05-24 12:19:38 UTC 
"A flaw was found in the way fetchmail processed certain APOP authentication
requests. By sending certain responses when fetchmail attempted to authenticate
against an APOP server, a remote attacker could potentially acquire certain
portions of a user's authentication credentials. (CVE-2007-1558) 

http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
https://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=12610
http://www.securityfocus.com/archive/1/464477/30/0/threaded
Comment 1 Mark J. Cox 2007-05-24 12:33:15 UTC 
Also mutt, See
        http://dev.mutt.org/trac/ticket/2846
Comment 4 Tomas Hoger 2009-06-10 08:50:43 UTC 
Created attachment 347172 [details]
Local copy of Gaëtan Leurent's paper

Downloaded from:
  http://www.eleves.ens.fr/home/leurent/files/APOP_FSE07.pdf
Comment 5 Tomas Hoger 2009-06-10 08:59:35 UTC 
This issue was addressed in multiple mail clients, for detailed list see:

  https://rhn.redhat.com/errata/CVE-2007-1558.html

fetchmail:
  https://rhn.redhat.com/errata/RHSA-2007-0385.html

mutt:
  https://rhn.redhat.com/errata/RHSA-2007-0386.html

evolution / evolution-data-server:
  https://rhn.redhat.com/errata/RHSA-2007-0344.html
  https://rhn.redhat.com/errata/RHSA-2007-0353.html

thunderbird:
  https://rhn.redhat.com/errata/RHSA-2007-0401.html

seamonkey:
  https://rhn.redhat.com/errata/RHSA-2007-0402.html
Comment 6 Tomas Hoger 2009-06-10 09:07:24 UTC 
This issue was also addressed in ruby's pop module in ruby versions 1.8.7-p160 and 1.8.6-p368:
http://www.ruby-lang.org/en/news/2009/04/18/ruby-1-8-7-p160-and-1-8-6-p368-released/

Upstream ruby patch:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=19776
Comment 8 errata-xmlrpc 2009-07-02 17:03:42 UTC 
This issue has been addressed in ruby packages in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1140 https://rhn.redhat.com/errata/RHSA-2009-1140.html