CVE-2007-1558

NameCVE-2007-1558
DescriptionThe APOP protocol allows remote attackers to guess the first 3 charact ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1300-1, DSA-1305-1, DTSA-46-1, DTSA-47-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
balsa (PTS)jessie, wheezy2.4.12-1fixed
stretch2.4.12-3fixed
buster, sid2.5.6-2fixed
claws-mail (PTS)wheezy (security), wheezy (lts), wheezy3.8.1-2+deb7u1fixed
jessie, jessie (security)3.11.1-3+deb8u1fixed
stretch3.14.1-3fixed
buster, sid3.17.3-2fixed
fetchmail (PTS)wheezy6.3.21-4fixed
jessie6.3.26-1fixed
stretch6.3.26-3fixed
buster, sid6.4.0~beta4-3fixed
icedove (PTS)wheezy (security), wheezy (lts), wheezy1:52.3.0-4~deb7u2fixed
jessie1:52.3.0-4~deb8u2fixed
mailfilter (PTS)wheezy0.8.2-4fixed
jessie0.8.3-1fixed
stretch0.8.6-2fixed
buster, sid0.8.6-3fixed
mutt (PTS)wheezy (lts), wheezy1.5.21-6.2+deb7u4fixed
wheezy (security)1.5.21-6.2+deb7u3fixed
jessie1.5.23-3fixed
jessie (security)1.5.23-3+deb8u1fixed
stretch (security), stretch1.7.2-1+deb9u1fixed
buster, sid1.10.1-2.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
balsasource(unstable)2.3.17-1unimportant
claws-mailsource(unstable)2.9.1-1unimportant
fetchmailsource(unstable)6.3.8-1unimportant
fetchmailsourceetch6.3.6-1etch3
iceapesource(unstable)1.1.2-1
iceapesourceetch1.0.9-0etch1DSA-1300-1
iceapesourcelenny1.0.10~pre070720-0etch1+lenny1DTSA-47-1
icedovesource(unstable)2.0.0.4-1
icedovesourceetch1.5.0.12.dfsg1-0etch1DSA-1305-1
icedovesourcelenny1.5.0.12.dfsg1-0etch1+lenny1DTSA-46-1
mailfiltersource(unstable)0.8.2-1unimportant
muttsource(unstable)1.5.18-6unimportant

Notes

Affects various clients, but no practical security implications
MFSA2007-15
i couldn't pinpoint exact mutt fixed version, but lenny's version has the
patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846)

Search for package or bug name: Reporting problems