CVE-2007-1558 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-1558 Interim 1 13 2025-11-05T06:22:06Z current 2021-05-30T12:38:24Z 2025-11-05T06:22:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-1558 The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAOSB5RDI42SNMJTDLCQQCBLJ36GU7NK/#JAOSB5RDI42SNMJTDLCQQCBLJ36GU7NK E-Mail link for SUSE-SA:2007:036 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E4V2V5YAO5FG72Q6B72F3C7QASMPOXAY/#E4V2V5YAO5FG72Q6B72F3C7QASMPOXAY E-Mail link for SUSE-SR:2007:014 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 16.0 openSUSE Tumbleweed claws-mail-4.0.0-2.5 claws-mail-devel-4.0.0-2.5 claws-mail-lang-4.0.0-2.5 fetchmail-6.3.8.90-13.16.1 fetchmail-6.3.8.90-13.20.19.1 fetchmail-6.4.21-2.1 fetchmail-6.5.2-160000.2.2 fetchmailconf-6.3.8.90-13.16.1 fetchmailconf-6.3.8.90-13.20.19.1 fetchmailconf-6.4.21-2.1 mpop-1.4.14-1.1 mpop-doc-1.4.14-1.1 mutt-1.5.17-42.33.1 mutt-1.5.17-42.39.1 mutt-2.0.7-2.2 mutt-2.2.13-160000.2.2 mutt-doc-2.0.7-2.2 mutt-doc-2.2.13-160000.2.2 mutt-lang-2.0.7-2.2 mutt-lang-2.2.13-160000.2.2 fetchmail-6.3.8.90-13.16.1 as a component of SUSE Linux Enterprise Server 11 SP1 fetchmailconf-6.3.8.90-13.16.1 as a component of SUSE Linux Enterprise Server 11 SP1 mutt-1.5.17-42.33.1 as a component of SUSE Linux Enterprise Server 11 SP1 fetchmail-6.3.8.90-13.20.19.1 as a component of SUSE Linux Enterprise Server 11 SP2 fetchmailconf-6.3.8.90-13.20.19.1 as a component of SUSE Linux Enterprise Server 11 SP2 mutt-1.5.17-42.33.1 as a component of SUSE Linux Enterprise Server 11 SP2 fetchmail-6.3.8.90-13.20.19.1 as a component of SUSE Linux Enterprise Server 11 SP3 fetchmailconf-6.3.8.90-13.20.19.1 as a component of SUSE Linux Enterprise Server 11 SP3 mutt-1.5.17-42.33.1 as a component of SUSE Linux Enterprise Server 11 SP3 fetchmail-6.3.8.90-13.20.19.1 as a component of SUSE Linux Enterprise Server 11 SP4 fetchmailconf-6.3.8.90-13.20.19.1 as a component of SUSE Linux Enterprise Server 11 SP4 mutt-1.5.17-42.39.1 as a component of SUSE Linux Enterprise Server 11 SP4 fetchmail-6.5.2-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 mutt-2.2.13-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 mutt-doc-2.2.13-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 mutt-lang-2.2.13-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 claws-mail-4.0.0-2.5 as a component of openSUSE Tumbleweed claws-mail-devel-4.0.0-2.5 as a component of openSUSE Tumbleweed claws-mail-lang-4.0.0-2.5 as a component of openSUSE Tumbleweed fetchmail-6.4.21-2.1 as a component of openSUSE Tumbleweed fetchmailconf-6.4.21-2.1 as a component of openSUSE Tumbleweed mpop-1.4.14-1.1 as a component of openSUSE Tumbleweed mpop-doc-1.4.14-1.1 as a component of openSUSE Tumbleweed mutt-2.0.7-2.2 as a component of openSUSE Tumbleweed mutt-doc-2.0.7-2.2 as a component of openSUSE Tumbleweed mutt-lang-2.0.7-2.2 as a component of openSUSE Tumbleweed The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products. CVE-2007-1558 SUSE Linux Enterprise Server 11 SP1:fetchmail-6.3.8.90-13.16.1 SUSE Linux Enterprise Server 11 SP1:fetchmailconf-6.3.8.90-13.16.1 SUSE Linux Enterprise Server 11 SP1:mutt-1.5.17-42.33.1 SUSE Linux Enterprise Server 11 SP2:fetchmail-6.3.8.90-13.20.19.1 SUSE Linux Enterprise Server 11 SP2:fetchmailconf-6.3.8.90-13.20.19.1 SUSE Linux Enterprise Server 11 SP2:mutt-1.5.17-42.33.1 SUSE Linux Enterprise Server 11 SP3:fetchmail-6.3.8.90-13.20.19.1 SUSE Linux Enterprise Server 11 SP3:fetchmailconf-6.3.8.90-13.20.19.1 SUSE Linux Enterprise Server 11 SP3:mutt-1.5.17-42.33.1 SUSE Linux Enterprise Server 11 SP4:fetchmail-6.3.8.90-13.20.19.1 SUSE Linux Enterprise Server 11 SP4:fetchmailconf-6.3.8.90-13.20.19.1 SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.39.1 SUSE Linux Enterprise Server 16.0:fetchmail-6.5.2-160000.2.2 SUSE Linux Enterprise Server 16.0:mutt-2.2.13-160000.2.2 SUSE Linux Enterprise Server 16.0:mutt-doc-2.2.13-160000.2.2 SUSE Linux Enterprise Server 16.0:mutt-lang-2.2.13-160000.2.2 openSUSE Tumbleweed:claws-mail-4.0.0-2.5 openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5 openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5 openSUSE Tumbleweed:fetchmail-6.4.21-2.1 openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1 openSUSE Tumbleweed:mpop-1.4.14-1.1 openSUSE Tumbleweed:mpop-doc-1.4.14-1.1 openSUSE Tumbleweed:mutt-2.0.7-2.2 openSUSE Tumbleweed:mutt-doc-2.0.7-2.2 openSUSE Tumbleweed:mutt-lang-2.0.7-2.2 low 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N