Bug 175022 - net-mail/fetchmail APOP design error (CVE-2007-1558)
Bug#: 175022 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL:  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
Summary: net-mail/fetchmail APOP design error (CVE-2007-1558)
Keywords:  
Status Whiteboard: B? [noglsa] jaervosz
Opened: 2007-04-18 05:24 0000
Description:   Opened: 2007-04-18 05:24 0000 
The APOP protocol allows remote attackers to guess the first 3 characters of a
password via man-in-the-middle (MITM) attacks that use crafted message IDs and
MD5 collisions.

------- Comment #1 From Andrej Kacian (RETIRED) 2007-04-18 06:30:45 0000 ------- 
From fetchmail-6.3.8's changelog:

fetchmail 6.3.8 (released 2007-04-06):

# SECURITY STRENGTHENING:
* Make the APOP challenge parser more distrustful and have it reject challenges
  that do not conform to RFC-822 msg-id format, in the hope to make mounting
  man-in-the-middle attacks (MITM) against APOP a bit more difficult.
  (CVE-2007-1558, reported by Gaëtan Leurent, published 2007-04-02 on Bugtraq)

  APOP is claimed insecure by Gaëtan Leurent for MITM scenarios for typical
  setups: based on MD5 collisions, it is purportedly possible to recover the
  first three characters of the shared secret (password), which would then make
  recovery of the shared secret a matter of hours or minutes; this would then
  enable the attacker to impersonate the client vis-à-vis the server.

  For further details, check
  * Gaëtan Leurent, "Message Freedom in MD4 and MD5 Collisions: Application
  to APOP", Fast Software Encryption 2007, Luxembourg. (Proceedings to appear
in
  Springer's Lecture Notes on Computer Science.)
  * The mailing list discussion thread at
  <http://lists.berlios.de/pipermail/fetchmail-devel/2007-March/000887.html>

------- Comment #2 From Andrej Kacian (RETIRED) 2007-04-22 22:01:04 0000 ------- 
Um, I forgot to mention that 6.3.8 has been in the tree for quite some time
now...

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-04-30 09:13:17 0000 ------- 
Thx Ticho.

Arches please test and mark stable. Target keywords are:

fetchmail-6.3.8.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390
sh sparc x86 ~x86-fbsd"

------- Comment #4 From Raúl Porcel 2007-04-30 11:53:13 0000 ------- 
ia64 + x86 stable

------- Comment #5 From Gustavo Zacarias (RETIRED) 2007-04-30 12:27:07 0000 ------- 
sparc stable.

------- Comment #6 From Steve Dibb 2007-04-30 13:50:51 0000 ------- 
amd64 stable

------- Comment #7 From Markus Rothe 2007-05-01 09:23:13 0000 ------- 
ppc64 stable

------- Comment #8 From Jeroen Roovers 2007-05-02 01:02:43 0000 ------- 
Stable for HPPA.

------- Comment #9 From Bryan Østergaard (RETIRED) 2007-05-02 12:53:33 0000 ------- 
Alpha done.

------- Comment #10 From Tobias Scherbaum 2007-05-03 18:41:21 0000 ------- 
ppc stable, ready for GLSA voting

------- Comment #11 From Pierre-Yves Rofes 2007-05-03 18:46:13 0000 ------- 
voting NO. 3 chars != full password, if someone uses a 3 chars password he has
more serious problems to worry about :)

------- Comment #12 From Sune Kloppenborg Jeppesen 2007-05-03 18:55:57 0000 ------- 
Voting NO and closing. Feel free to reopen if you disagree.

------- Comment #13 From Joshua Kinard 2007-05-13 00:05:04 0000 ------- 
mips stable.