Bug 175022 - net-mail/fetchmail APOP design error (CVE-2007-1558)
Summary: net-mail/fetchmail APOP design error (CVE-2007-1558)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B? [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-18 05:24 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-06-24 23:27 UTC

See Also:
Package list:
Runtime testing required: ---
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-18 05:24:22 UTC
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.
Comment 1 Andrej Kacian (RETIRED) gentoo-dev 2007-04-18 06:30:45 UTC
From fetchmail-6.3.8's changelog:

fetchmail 6.3.8 (released 2007-04-06):

# SECURITY STRENGTHENING:
* Make the APOP challenge parser more distrustful and have it reject challenges
  that do not conform to RFC-822 msg-id format, in the hope to make mounting
  man-in-the-middle attacks (MITM) against APOP a bit more difficult.
  (CVE-2007-1558, reported by Gaëtan Leurent, published 2007-04-02 on Bugtraq)

  APOP is claimed insecure by Gaëtan Leurent for MITM scenarios for typical
  setups: based on MD5 collisions, it is purportedly possible to recover the
  first three characters of the shared secret (password), which would then make
  recovery of the shared secret a matter of hours or minutes; this would then
  enable the attacker to impersonate the client vis-à-vis the server.

  For further details, check
  * Gaëtan Leurent, "Message Freedom in MD4 and MD5 Collisions: Application
  to APOP", Fast Software Encryption 2007, Luxembourg. (Proceedings to appear in
  Springer's Lecture Notes on Computer Science.)
  * The mailing list discussion thread at
  <http://lists.berlios.de/pipermail/fetchmail-devel/2007-March/000887.html>
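
The changelog above describes the defensive half of the fix: a client that refuses APOP challenges which do not look like an RFC 822 message-id, so a tampered greeting never reaches the digest step. The following is an added illustration of that idea, not fetchmail's own parser: it uses a deliberately restricted msg-id grammar (one `<local-part@domain>` token built from a conservative atom character set, plus an assumed 256-byte length bound) and computes the RFC 1939 APOP response only for a challenge that passes.

```python
import hashlib
import re
from typing import Optional

# Restricted RFC 822 atom: printable ASCII without specials, whitespace or
# angle brackets.  Stricter than the full grammar on purpose (assumption).
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+"
_MSGID_RE = re.compile("<(" + _ATOM + ")@(" + _ATOM + ")>")
_MAX_CHALLENGE_LEN = 256  # sanity bound, not from any RFC (assumption)


def extract_apop_challenge(greeting: str) -> Optional[str]:
    """Return the validated <msg-id> timestamp from a POP3 greeting, or None.

    Rejects anything that is not a "+OK" line carrying exactly one
    angle-bracketed token that fully matches the restricted msg-id shape.
    A rejected challenge means: do not attempt APOP with this server.
    """
    if not greeting.startswith("+OK"):
        return None
    candidates = re.findall(r"<[^<>]*>", greeting)
    if len(candidates) != 1:
        return None  # zero or several tokens: ambiguous, refuse
    challenge = candidates[0]
    if len(challenge) > _MAX_CHALLENGE_LEN:
        return None
    if _MSGID_RE.fullmatch(challenge) is None:
        return None  # missing '@', spaces, control chars, odd bytes ...
    return challenge


def apop_digest(challenge: str, secret: str) -> str:
    """RFC 1939 APOP response: hex MD5 of the timestamp followed by the secret."""
    return hashlib.md5((challenge + secret).encode("utf-8")).hexdigest()


def apop_response(greeting: str, user: str, secret: str) -> Optional[str]:
    """Build the 'APOP user digest' line, or None if the greeting is refused."""
    challenge = extract_apop_challenge(greeting)
    if challenge is None:
        return None
    return "APOP %s %s" % (user, apop_digest(challenge, secret))


if __name__ == "__main__":
    # Greeting and secret taken from the RFC 1939 APOP example.
    print(apop_response("+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>",
                        "mrose", "tanstaaf"))
```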

Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2007-04-22 22:01:04 UTC
Um, I forgot to mention that 6.3.8 has been in the tree for quite some time now...
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-30 09:13:17 UTC
Thx Ticho.

Arches please test and mark stable. Target keywords are:

fetchmail-6.3.8.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2007-04-30 11:53:13 UTC
ia64 + x86 stable
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2007-04-30 12:27:07 UTC
sparc stable.
Comment 6 Steve Dibb (RETIRED) gentoo-dev 2007-04-30 13:50:51 UTC
amd64 stable
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2007-05-01 09:23:13 UTC
ppc64 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2007-05-02 01:02:43 UTC
Stable for HPPA.
Comment 9 Bryan Østergaard (RETIRED) gentoo-dev 2007-05-02 12:53:33 UTC
Alpha done.
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2007-05-03 18:41:21 UTC
ppc stable, ready for GLSA voting
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-03 18:46:13 UTC
voting NO. 3 chars != full password, if someone uses a 3 chars password he has more serious problems to worry about :)
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-03 18:55:57 UTC
Voting NO and closing. Feel free to reopen if you disagree.
Comment 13 Joshua Kinard gentoo-dev 2007-05-13 00:05:04 UTC
mips stable.