CVE-2007-1558 - Unspecified vulnerability in Apop Protocol

CVSS 2.6 - LOW
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, high complexity, apop-protocol, nessus

Summary

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Vulnerable Configurations

Part         Description    Count
Application  Apop_Protocol  1

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SEAMONKEY-3631.NASL
    description: This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27441
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27441
    title: openSUSE 10 Security Update : seamonkey (seamonkey-3631)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update seamonkey-3631.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27441);
      script_version ("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-1362", "CVE-2007-1558", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");
    
      script_name(english:"openSUSE 10 Security Update : seamonkey (seamonkey-3631)");
      script_summary(english:"Check for the seamonkey-3631 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update brings Mozilla SeaMonkey to security update version 1.1.2
    
      - MFSA 2007-17 / CVE-2007-2871 :
    
        Chris Thomas demonstrated that XUL popups opened by web
        content could be placed outside the boundaries of the
        content area. This could be used to spoof or hide parts
        of the browser chrome such as the location bar.
    
      - MFSA 2007-16 / CVE-2007-2870 :
    
        Mozilla contributor moz_bug_r_a4 demonstrated that the
        addEventListener method could be used to inject script
        into another site in violation of the browser's
        same-origin policy. This could be used to access or
        modify private or valuable information from that other
        site.
    
      - MFSA 2007-15 / CVE-2007-1558 :
    
        Gaëtan Leurent informed us of a
        weakness in APOP authentication that could allow an
        attacker to recover the first part of your mail password
        if the attacker could interpose a malicious mail server
        on your network masquerading as your legitimate mail
        server. With normal settings it could take several hours
        for the attacker to gather enough data to recover just a
        few characters of the password. This result was
        presented at the Fast Software Encryption 2007
        conference. 
    
      - MFSA 2007-14 / CVE-2007-1362 :
    
        Nicolas Derouet reported two problems with cookie
        handling in Mozilla clients. Insufficient length checks
        could be use to exhaust browser memory and so to crash
        the browser or at least slow it done by a large degree.
    
        The second issue was that the cookie path and name
        values were not checked for the presence of the
        delimiter used for internal cookie storage, and if
        present this confused future interpretation of the
        cookie data. This is not considered to be exploitable.
    
      - MFSA 2007-13 / CVE-2007-2869 :
    
        Marcel reported that a malicious web page could perform
        a denial of service attack against the form autocomplete
        feature that would persist from session to session until
        the malicious form data was deleted. Filling a text
        field with millions of characters and submitting the
        form will cause the victim's browser to hang for up to
        several minutes while the form data is read, and this
        will happen the first time autocomplete is triggered
        after every browser restart. 
    
        No harm is done to the user's computer, but the
        frustration caused by the hang could prevent use of
        Thunderbird if users don't know how to clear the bad
        state.
    
      - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868
    
        As part of the Thunderbird 2.0.0.4 and 1.5.0.12 update
        releases Mozilla developers fixed many bugs to improve
        the stability of the product. Some of these crashes that
        showed evidence of memory corruption under certain
        circumstances and we presume that with enough effort at
        least some of these could be exploited to run arbitrary
        code. 
    
        Without further investigation we cannot rule out the
        possibility that for some of these an attacker might be
        able to prepare memory for exploitation through some
        means other than JavaScript, such as large images.
    
      - MFSA 2007-11 / CVE-2007-1562 :
    
        Incorrect FTP PASV handling could be used by malicious
        ftp servers to do a rudimentary port scanning of for
        instance internal networks of the computer the browser
        is running on."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-spellchecker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-1.0.9-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-calendar-1.0.9-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-dom-inspector-1.0.9-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-irc-1.0.9-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-mail-1.0.9-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-spellchecker-1.0.9-1.1") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-venkman-1.0.9-1.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20070604_MUTT_ON_SL5_X.NASL
    description: A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60195
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60195
    title: Scientific Linux Security Update : mutt on SL5.x, SL4.x, SL3.x i386/x86_64
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60195);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2006-5297", "CVE-2007-1558", "CVE-2007-2683");
    
      script_name(english:"Scientific Linux Security Update : mutt on SL5.x, SL4.x, SL3.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Scientific Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was found in the way Mutt used temporary files on NFS file
    systems. Due to an implementation issue in the NFS protocol, Mutt was
    not able to exclusively open a new file. A local attacker could
    conduct a time-dependent attack and possibly gain access to e-mail
    attachments opened by a victim. (CVE-2006-5297)
    
    A flaw was found in the way Mutt processed certain APOP authentication
    requests. By sending certain responses when mutt attempted to
    authenticate against an APOP server, a remote attacker could
    potentially acquire certain portions of a user's authentication
    credentials. (CVE-2007-1558)
    
    A flaw was found in the way Mutt handled certain characters in gecos
    fields which could lead to a buffer overflow. The gecos field is an
    entry in the password database typically used to record general
    information about the user. A local attacker could give themselves a
    carefully crafted 'Real Name' which could execute arbitrary code if a
    victim uses Mutt and expands the attackers alias. (CVE-2007-2683)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=840
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?57a3a75e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected mutt package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL3", reference:"mutt-1.4.1-5.el3")) flag++;
    
    if (rpm_check(release:"SL4", reference:"mutt-1.4.1-12.0.3.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"mutt-1.4.2.2-3.0.2.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-1140.NASL
    description: From Red Hat Security Advisory 2009:1140 : Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way the Ruby POP module processed certain APOP authentication requests. By sending certain responses when the Ruby APOP module attempted to authenticate using APOP against a POP server, a remote attacker could, potentially, acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67889
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67889
    title: Oracle Linux 4 / 5 : ruby (ELSA-2009-1140)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1140 and 
    # Oracle Linux Security Advisory ELSA-2009-1140 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67889);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2007-1558", "CVE-2009-0642", "CVE-2009-1904");
      script_bugtraq_id(23257, 35278);
      script_xref(name:"RHSA", value:"2009:1140");
    
      script_name(english:"Oracle Linux 4 / 5 : ruby (ELSA-2009-1140)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1140 :
    
    Updated ruby packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Ruby is an extensible, interpreted, object-oriented, scripting
    language. It has features to process text files and to do system
    management tasks.
    
    A flaw was found in the way the Ruby POP module processed certain APOP
    authentication requests. By sending certain responses when the Ruby
    APOP module attempted to authenticate using APOP against a POP server,
    a remote attacker could, potentially, acquire certain portions of a
    user's authentication credentials. (CVE-2007-1558)
    
    It was discovered that Ruby did not properly check the return value
    when verifying X.509 certificates. This could, potentially, allow a
    remote attacker to present an invalid X.509 certificate, and have Ruby
    treat it as valid. (CVE-2009-0642)
    
    A flaw was found in the way Ruby converted BigDecimal objects to Float
    numbers. If an attacker were able to provide certain input for the
    BigDecimal object converter, they could crash an application using
    this class. (CVE-2009-1904)
    
    All Ruby users should upgrade to these updated packages, which contain
    backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-July/001069.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-July/001070.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ruby packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189, 287);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-mode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-rdoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-ri");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-tcltk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", reference:"irb-1.8.1-7.0.1.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"ruby-1.8.1-7.0.1.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"ruby-devel-1.8.1-7.0.1.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"ruby-docs-1.8.1-7.0.1.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"ruby-libs-1.8.1-7.0.1.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"ruby-mode-1.8.1-7.0.1.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"ruby-tcltk-1.8.1-7.0.1.el4_8.3")) flag++;
    
    if (rpm_check(release:"EL5", reference:"ruby-1.8.5-5.el5_3.7")) flag++;
    if (rpm_check(release:"EL5", reference:"ruby-devel-1.8.5-5.el5_3.7")) flag++;
    if (rpm_check(release:"EL5", reference:"ruby-docs-1.8.5-5.el5_3.7")) flag++;
    if (rpm_check(release:"EL5", reference:"ruby-irb-1.8.5-5.el5_3.7")) flag++;
    if (rpm_check(release:"EL5", reference:"ruby-libs-1.8.5-5.el5_3.7")) flag++;
    if (rpm_check(release:"EL5", reference:"ruby-mode-1.8.5-5.el5_3.7")) flag++;
    if (rpm_check(release:"EL5", reference:"ruby-rdoc-1.8.5-5.el5_3.7")) flag++;
    if (rpm_check(release:"EL5", reference:"ruby-ri-1.8.5-5.el5_3.7")) flag++;
    if (rpm_check(release:"EL5", reference:"ruby-tcltk-1.8.5-5.el5_3.7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irb / ruby / ruby-devel / ruby-docs / ruby-irb / ruby-libs / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-550.NASL
    description: Updated thunderbird packages that fix several security bugs are now available for Fedora Core. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868) Several denial of service flaws were found in the way Thunderbird handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Thunderbird from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way Thunderbird processed certain APOP authentication requests. By sending certain responses when Thunderbird attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25376
    published: 2007-06-04
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25376
    title: Fedora Core 6 : thunderbird-1.5.0.12-1.fc6 (2007-550)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-550.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25376);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      script_xref(name:"FEDORA", value:"2007-550");
    
      script_name(english:"Fedora Core 6 : thunderbird-1.5.0.12-1.fc6 (2007-550)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated thunderbird packages that fix several security bugs are now
    available for Fedora Core.
    
    This update has been rated as having critical security impact by the
    Fedora Security Response Team.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    Several flaws were found in the way Thunderbird processed certain
    malformed JavaScript code. A web page containing malicious JavaScript
    code could cause Thunderbird to crash or potentially execute arbitrary
    code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868)
    
    Several denial of service flaws were found in the way Thunderbird
    handled certain form and cookie data. A malicious website that is able
    to set arbitrary form and cookie data could prevent Thunderbird from
    functioning properly. (CVE-2007-1362, CVE-2007-2869)
    
    A flaw was found in the way Thunderbird processed certain APOP
    authentication requests. By sending certain responses when Thunderbird
    attempted to authenticate against an APOP server, a remote attacker
    could potentially acquire certain portions of a user's authentication
    credentials. (CVE-2007-1558)
    
    A flaw was found in the way Thunderbird displayed certain web content.
    A malicious web page could generate content which could overlay user
    interface elements such as the hostname and security indicators,
    tricking users into thinking they are visiting a different site.
    (CVE-2007-2871)
    
    Users of Thunderbird are advised to apply this update, which contains
    Thunderbird version 1.5.0.12 that corrects these issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001764.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ec6dde68"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected thunderbird and / or thunderbird-debuginfo
    packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:thunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/05/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC6", reference:"thunderbird-1.5.0.12-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"thunderbird-debuginfo-1.5.0.12-1.fc6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo");
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0386.NASL
    description: An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25403
    published: 2007-06-04
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25403
    title: CentOS 3 / 4 / 5 : mutt (CESA-2007:0386)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_C389D06DEE5711DBBD510016179B2DD5.NASL
    description: CVE reports : The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25102
    published: 2007-04-30
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25102
    title: FreeBSD : claws-mail -- APOP vulnerability (c389d06d-ee57-11db-bd51-0016179b2dd5)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1140.NASL
    description: Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way the Ruby POP module processed certain APOP authentication requests. By sending certain responses when the Ruby APOP module attempted to authenticate using APOP against a POP server, a remote attacker could, potentially, acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39599
    published: 2009-07-03
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/39599
    title: RHEL 4 / 5 : ruby (RHSA-2009:1140)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0401.NASL
    description: From Red Hat Security Advisory 2007:0401 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868) Several denial of service flaws were found in the way Thunderbird handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Thunderbird from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way Thunderbird processed certain APOP authentication requests. By sending certain responses when Thunderbird attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67510
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67510
    title: Oracle Linux 4 : thunderbird (ELSA-2007-0401)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0353.NASL
    description: Updated evolution packages that fix a security bug are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25268
    published: 2007-05-20
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25268
    title: RHEL 3 / 4 : evolution (RHSA-2007:0353)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0401.NASL
    description: Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868) Several denial of service flaws were found in the way Thunderbird handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Thunderbird from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way Thunderbird processed certain APOP authentication requests. By sending certain responses when Thunderbird attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25366
    published: 2007-06-01
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25366
    title: RHEL 4 / 5 : thunderbird (RHSA-2007:0401)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0402.NASL
    description: Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37778
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37778
    title: CentOS 3 / 4 : seamonkey (CESA-2007:0402)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200706-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200706-06 (Mozilla products: Multiple vulnerabilities) Mozilla developers fixed several bugs involving memory corruption through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, several errors leading to crash, memory exhaustion or CPU consumption were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and spoofing prevention (CVE-2007-2871) were fixed. Impact : A remote attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to spoof the address bar or other browser elements, obtain sensitive APOP information, or perform cross-site scripting attacks, leading to the exposure of sensitive information, like user credentials. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25561
    published: 2007-06-21
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25561
    title: GLSA-200706-06 : Mozilla products: Multiple vulnerabilities
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0344.NASL
    description: Updated evolution-data-server package that fixes a security bug is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The evolution-data-server package provides a unified backend for programs that work with contacts, tasks, and calendar information. A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25353
    published: 2007-06-01
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25353
    title: CentOS 5 : evolution-data-server (CESA-2007:0344)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MUTT-3702.NASL
    description: This update of mutt fixes a vulnerability in the APOP implementation that allows an active attacker to guess three bytes of the password. (CVE-2007-1558)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27354
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27354
    title: openSUSE 10 Security Update : mutt (mutt-3702)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0344.NASL
    description: From Red Hat Security Advisory 2007:0344 : Updated evolution-data-server package that fixes a security bug is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The evolution-data-server package provides a unified backend for programs that work with contacts, tasks, and calendar information. A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67492
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67492
    title: Oracle Linux 5 : evolution-data-server (ELSA-2007-0344)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-0544.NASL
    description: This update fixes two security issues found in the 2.0.0.0 version of Thunderbird. Details at: http://www.mozilla.org/security/announce/2007/mfsa2007-12.html http://www.mozilla.org/security/announce/2007/mfsa2007-15.html Users of Thunderbird are recommended to update to this erratum package which fixes those issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27670
    published: 2007-11-06
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27670
    title: Fedora 7 : thunderbird-2.0.0.4-1.fc7 (2007-0544)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0402.NASL
    description: From Red Hat Security Advisory 2007:0402 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67511
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67511
    title: Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0402)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-131.NASL
    description: A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.4. This update provides the latest Thunderbird to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37483
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37483
    title: Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:131)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2007-152-02.NASL
    description: New mozilla-firefox and seamonkey packages are available for Slackware 10.2, 11.0, and -current to fix security issues. New thunderbird packages are available for Slackware 10.2 and 11.0 to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25374
    published: 2007-06-04
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25374
    title: Slackware 10.2 / 11.0 / current : firefox-seamonkey-thunderbird (SSA:2007-152-02)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20070530_EVOLUTION_DATA_SERVER_ON_SL5_X.NASL
    description: A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60190
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60190
    title: Scientific Linux Security Update : evolution-data-server on SL5.x i386/x86_64
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-119.NASL
    description: A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.12. This update provides the latest Thunderbird to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25513
    published: 2007-06-14
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25513
    title: Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:119)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-552.NASL
    description: Updated seamonkey packages that fix several security bugs are now available for Fedora Core 5. This update has been rated as having critical security impact by the Fedora Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25378
    published: 2007-06-04
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25378
    title: Fedora Core 5 : devhelp-0.11-7.fc5 / epiphany-2.14.3-6.fc5 / seamonkey-1.0.9-1.fc5 / etc (2007-552)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SEAMONKEY-3632.NASL
    description: This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27442
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27442
    title: openSUSE 10 Security Update : seamonkey (seamonkey-3632)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20090702_RUBY_ON_SL4_X.NASL
    description: A flaw was found in the way the Ruby POP module processed certain APOP authentication requests. By sending certain responses when the Ruby APOP module attempted to authenticate using APOP against a POP server, a remote attacker could, potentially, acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60613
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60613
    title: Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0401.NASL
    description: Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868) Several denial of service flaws were found in the way Thunderbird handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Thunderbird from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way Thunderbird processed certain APOP authentication requests. By sending certain responses when Thunderbird attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38103
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/38103
    title: CentOS 4 / 5 : thunderbird (CESA-2007:0401)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0385.NASL
    description: From Red Hat Security Advisory 2007:0385 : An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. A flaw was found in the way fetchmail processed certain APOP authentication requests. By sending certain responses when fetchmail attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67504
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67504
    title: Oracle Linux 3 / 4 / 5 : fetchmail (ELSA-2007-0385)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20070607_FETCHMAIL_ON_SL5_X.NASL
    description: A flaw was found in the way fetchmail processed certain APOP authentication requests. By sending certain responses when fetchmail attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60196
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60196
    title: Scientific Linux Security Update : fetchmail on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-551.NASL
    description: Updated thunderbird packages that fix several security bugs are now available for Fedora Core. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868) Several denial of service flaws were found in the way Thunderbird handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Thunderbird from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way Thunderbird processed certain APOP authentication requests. By sending certain responses when Thunderbird attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25377
    published: 2007-06-04
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25377
    title: Fedora Core 5 : thunderbird-1.5.0.12-1.fc5 (2007-551)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0353.NASL
    description: Updated evolution packages that fix a security bug are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25255
    published: 2007-05-20
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25255
    title: CentOS 3 / 4 : evolution (CESA-2007:0353)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0386.NASL
    description: From Red Hat Security Advisory 2007:0386 : An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67505
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67505
    title: Oracle Linux 3 / 4 / 5 : mutt (ELSA-2007-0386)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-540.NASL
    description: This update fixes two security issues : The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. (CVE-2007-1558) Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25358
    published: 2007-06-01
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25358
    title: Fedora Core 5 : mutt-1.4.2.1-8.fc5 (2007-540)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-0002.NASL
    description: This update fixes two security issues : The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. (CVE-2007-1558) Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62264
    published: 2012-09-24
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62264
    title: Fedora 7 : mutt-1.5.14-4.fc7 (2007-0002)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-539.NASL
    description: This update fixes two security issues : The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. (CVE-2007-1558) Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25357
    published: 2007-06-01
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25357
    title: Fedora Core 6 : mutt-1.4.2.3-1.fc6 (2007-539)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MOZILLATHUNDERBIRD-3545.NASL
    description: This update brings Mozilla Thunderbird to security update version 1.5.0.12. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27130
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27130
    title: openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3545)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20070517_EVOLUTION_ON_SL4_X.NASL
    description: A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60182
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60182
    title: Scientific Linux Security Update : evolution on SL4.x, SL3.x i386/x86_64
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0385.NASL
    description: An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. A flaw was found in the way fetchmail processed certain APOP authentication requests. By sending certain responses when fetchmail attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25454
    published: 2007-06-07
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25454
    title: RHEL 2.1 / 3 / 4 / 5 : fetchmail (RHSA-2007:0385)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MUTT-3751.NASL
    description: This update of mutt fixes a vulnerability in the APOP implementation that allows an active attacker to guess three bytes of the password. (CVE-2007-1558)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27355
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27355
    title: openSUSE 10 Security Update : mutt (mutt-3751)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MUTT-3752.NASL
    description: This update of mutt fixes a vulnerability in the APOP implementation that allows an active attacker to guess three bytes of the password. (CVE-2007-1558)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29523
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29523
    title: SuSE 10 Security Update : mutt (ZYPP Patch Number 3752)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-469-1.NASL
    description: Gaetan Leurent showed a weakness in APOP authentication. An attacker posing as a trusted server could recover portions of the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28069
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28069
    title: Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-469-1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0385.NASL
    description: An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. A flaw was found in the way fetchmail processed certain APOP authentication requests. By sending certain responses when fetchmail attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25447
    published: 2007-06-07
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25447
    title: CentOS 3 / 4 / 5 : fetchmail (CESA-2007:0385)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_15012.NASL
    descriptionThe remote version of Mozilla Thunderbird suffers from various security issues, at least one that may lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id25350
    published2007-05-31
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25350
    titleMozilla Thunderbird < 1.5.0.12 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0402.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
    last seen2020-06-01
    modified2020-06-02
    plugin id25367
    published2007-06-01
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25367
    titleRHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0402)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1140.NASL
    descriptionUpdated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way the Ruby POP module processed certain APOP authentication requests. By sending certain responses when the Ruby APOP module attempted to authenticate using APOP against a POP server, a remote attacker could, potentially, acquire certain portions of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id43767
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43767
    titleCentOS 5 : ruby (CESA-2009:1140)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0353.NASL
    descriptionFrom Red Hat Security Advisory 2007:0353 : Updated evolution packages that fix a security bug are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id67498
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67498
    titleOracle Linux 3 / 4 : evolution (ELSA-2007-0353)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1300.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1362 Nicolas Derouet discovered that Iceape performs insufficient validation of cookies, which could lead to denial of service. - CVE-2007-1558 Gaëtan Leurent discovered a cryptographical weakness in APOP authentication, which reduces the required efforts for an MITM attack to intercept a password. The update enforces stricter validation, which prevents this attack. - CVE-2007-2867 Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-2868 Brendan Eich, Igor Bukanov, Jesse Ruderman,
    last seen2020-06-01
    modified2020-06-02
    plugin id25463
    published2007-06-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25463
    titleDebian DSA-1300-1 : iceape - several vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070530_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868) Several denial of service flaws were found in the way Thunderbird handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Thunderbird from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way Thunderbird processed certain APOP authentication requests. By sending certain responses when Thunderbird attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id60189
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60189
    titleScientific Linux Security Update : Thunderbird on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0344.NASL
    descriptionUpdated evolution-data-server packages that fix a security bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The evolution-data-server package provides a unified backend for programs that work with contacts, tasks, and calendar information. A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id25362
    published2007-06-01
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25362
    titleRHEL 5 : evolution-data-server (RHSA-2007:0344)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-107.NASL
    descriptionA weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id25266
    published2007-05-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25266
    titleMandrake Linux Security Advisory : evolution (MDKSA-2007:107)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-113.NASL
    descriptionA flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could possibly obtain certain portions of the user
    last seen2020-06-01
    modified2020-06-02
    plugin id25431
    published2007-06-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25431
    titleMandrake Linux Security Advisory : mutt (MDKSA-2007:113)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-520-1.NASL
    descriptionGaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user
    last seen2020-06-01
    modified2020-06-02
    plugin id28125
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28125
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : fetchmail vulnerabilities (USN-520-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLATHUNDERBIRD-3546.NASL
    descriptionThis update brings Mozilla Thunderbird to security update version 1.5.0.12. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id27131
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27131
    titleopenSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3546)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1305.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1558 Gaëtan Leurent discovered a cryptographical weakness in APOP authentication, which reduces the required efforts for an MITM attack to intercept a password. The update enforces stricter validation, which prevents this attack. - CVE-2007-2867 Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-2868 Brendan Eich, Igor Bukanov, Jesse Ruderman,
    last seen2020-06-01
    modified2020-06-02
    plugin id25504
    published2007-06-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25504
    titleDebian DSA-1305-1 : icedove - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0386.NASL
    descriptionAn updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. (CVE-2006-5297) A flaw was found in the way Mutt processed certain APOP authentication requests. By sending certain responses when mutt attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id25404
    published2007-06-04
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25404
    titleRHEL 3 / 4 / 5 : mutt (RHSA-2007:0386)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-105.NASL
    descriptionThe APOP functionality in fetchmail
    last seen2020-06-01
    modified2020-06-02
    plugin id25265
    published2007-05-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25265
    titleMandrake Linux Security Advisory : fetchmail (MDKSA-2007:105)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F1C4D133E6D311DB99EA0060084A00E5.NASL
    descriptionMatthias Andree reports : The POP3 standard, currently RFC-1939, has specified an optional, MD5-based authentication scheme called
    last seen2020-06-01
    modified2020-06-02
    plugin id25018
    published2007-04-10
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25018
    titleFreeBSD : fetchmail -- insecure APOP authentication (f1c4d133-e6d3-11db-99ea-0060084a00e5)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2007-005.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN
    last seen2020-06-01
    modified2020-06-02
    plugin id25297
    published2007-05-25
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25297
    titleMac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070530_SEAMONKEY_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
    last seen2020-06-01
    modified2020-06-02
    plugin id60194
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60194
    titleScientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64
  • NASL familyWindows
    NASL idSEAMONKEY_109.NASL
    descriptionThe installed version of SeaMonkey contains various security issues, one of which could lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id25351
    published2007-05-31
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25351
    titleSeaMonkey < 1.0.9 / 1.1.2 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1447.NASL
    descriptionBalsa is not really listed in the list but it also lacked the verification of the server challenge. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27718
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27718
    titleFedora 7 : balsa-2.3.17-2.fc7 (2007-1447)

Oval

accepted2013-04-29T04:22:08.786-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
familyunix
idoval:org.mitre.oval:def:9782
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
version27

Redhat

advisories
  • bugzilla
    id235289
    titleCVE-2007-1558 Evolution APOP information disclosure
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentevolution-data-server-devel is earlier than 0:1.8.0-15.0.3.el5
            ovaloval:com.redhat.rhsa:tst:20070344001
          • commentevolution-data-server-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070344002
        • AND
          • commentevolution-data-server is earlier than 0:1.8.0-15.0.3.el5
            ovaloval:com.redhat.rhsa:tst:20070344003
          • commentevolution-data-server is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070344004
    rhsa
    idRHSA-2007:0344
    released2007-05-30
    severityModerate
    titleRHSA-2007:0344: evolution-data-server security update (Moderate)
  • bugzilla
    id238565
    titleCVE-2007-1558 Evolution APOP information disclosure
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentevolution-devel is earlier than 0:2.0.2-35.0.2.el4
            ovaloval:com.redhat.rhsa:tst:20070353001
          • commentevolution-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070353002
        • AND
          • commentevolution is earlier than 0:2.0.2-35.0.2.el4
            ovaloval:com.redhat.rhsa:tst:20070353003
          • commentevolution is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070353004
    rhsa
    idRHSA-2007:0353
    released2008-01-07
    severityModerate
    titleRHSA-2007:0353: evolution security update (Moderate)
  • bugzilla
    id241191
    titleCVE-2007-1558 fetchmail/mutt/evolution/...: APOP password disclosure vulnerability
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentfetchmail is earlier than 0:6.2.5-6.0.1.el4
        ovaloval:com.redhat.rhsa:tst:20070385001
      • commentfetchmail is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20070018002
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentfetchmail is earlier than 0:6.3.6-1.0.1.el5
        ovaloval:com.redhat.rhsa:tst:20070385004
      • commentfetchmail is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20070385005
    rhsa
    idRHSA-2007:0385
    released2008-01-07
    severityModerate
    titleRHSA-2007:0385: fetchmail security update (Moderate)
  • rhsa
    idRHSA-2007:0386
  • rhsa
    idRHSA-2007:0401
  • rhsa
    idRHSA-2007:0402
  • rhsa
    idRHSA-2009:1140
rpms
  • evolution-data-server-0:1.8.0-15.0.3.el5
  • evolution-data-server-debuginfo-0:1.8.0-15.0.3.el5
  • evolution-data-server-devel-0:1.8.0-15.0.3.el5
  • evolution-0:1.4.5-20.el3
  • evolution-0:2.0.2-35.0.2.el4
  • evolution-debuginfo-0:1.4.5-20.el3
  • evolution-debuginfo-0:2.0.2-35.0.2.el4
  • evolution-devel-0:1.4.5-20.el3
  • evolution-devel-0:2.0.2-35.0.2.el4
  • fetchmail-0:5.9.0-21.7.3.el2.1.6
  • fetchmail-0:6.2.0-3.el3.4
  • fetchmail-0:6.2.5-6.0.1.el4
  • fetchmail-0:6.3.6-1.0.1.el5
  • fetchmail-debuginfo-0:6.2.0-3.el3.4
  • fetchmail-debuginfo-0:6.2.5-6.0.1.el4
  • fetchmail-debuginfo-0:6.3.6-1.0.1.el5
  • fetchmailconf-0:5.9.0-21.7.3.el2.1.6
  • mutt-5:1.4.1-12.0.3.el4
  • mutt-5:1.4.1-5.el3
  • mutt-5:1.4.2.2-3.0.2.el5
  • mutt-debuginfo-5:1.4.1-12.0.3.el4
  • mutt-debuginfo-5:1.4.1-5.el3
  • mutt-debuginfo-5:1.4.2.2-3.0.2.el5
  • thunderbird-0:1.5.0.12-0.1.el4
  • thunderbird-0:1.5.0.12-1.el5
  • thunderbird-debuginfo-0:1.5.0.12-0.1.el4
  • thunderbird-debuginfo-0:1.5.0.12-1.el5
  • devhelp-0:0.10-0.8.el4
  • devhelp-debuginfo-0:0.10-0.8.el4
  • devhelp-devel-0:0.10-0.8.el4
  • seamonkey-0:1.0.9-0.1.el2
  • seamonkey-0:1.0.9-0.1.el3
  • seamonkey-0:1.0.9-2.el4
  • seamonkey-chat-0:1.0.9-0.1.el2
  • seamonkey-chat-0:1.0.9-0.1.el3
  • seamonkey-chat-0:1.0.9-2.el4
  • seamonkey-debuginfo-0:1.0.9-0.1.el3
  • seamonkey-debuginfo-0:1.0.9-2.el4
  • seamonkey-devel-0:1.0.9-0.1.el2
  • seamonkey-devel-0:1.0.9-0.1.el3
  • seamonkey-devel-0:1.0.9-2.el4
  • seamonkey-dom-inspector-0:1.0.9-0.1.el2
  • seamonkey-dom-inspector-0:1.0.9-0.1.el3
  • seamonkey-dom-inspector-0:1.0.9-2.el4
  • seamonkey-js-debugger-0:1.0.9-0.1.el2
  • seamonkey-js-debugger-0:1.0.9-0.1.el3
  • seamonkey-js-debugger-0:1.0.9-2.el4
  • seamonkey-mail-0:1.0.9-0.1.el2
  • seamonkey-mail-0:1.0.9-0.1.el3
  • seamonkey-mail-0:1.0.9-2.el4
  • seamonkey-nspr-0:1.0.9-0.1.el2
  • seamonkey-nspr-0:1.0.9-0.1.el3
  • seamonkey-nspr-devel-0:1.0.9-0.1.el2
  • seamonkey-nspr-devel-0:1.0.9-0.1.el3
  • seamonkey-nss-0:1.0.9-0.1.el2
  • seamonkey-nss-0:1.0.9-0.1.el3
  • seamonkey-nss-devel-0:1.0.9-0.1.el2
  • seamonkey-nss-devel-0:1.0.9-0.1.el3
  • irb-0:1.8.1-7.el4_8.3
  • ruby-0:1.8.1-7.el4_8.3
  • ruby-0:1.8.5-5.el5_3.7
  • ruby-debuginfo-0:1.8.1-7.el4_8.3
  • ruby-debuginfo-0:1.8.5-5.el5_3.7
  • ruby-devel-0:1.8.1-7.el4_8.3
  • ruby-devel-0:1.8.5-5.el5_3.7
  • ruby-docs-0:1.8.1-7.el4_8.3
  • ruby-docs-0:1.8.5-5.el5_3.7
  • ruby-irb-0:1.8.5-5.el5_3.7
  • ruby-libs-0:1.8.1-7.el4_8.3
  • ruby-libs-0:1.8.5-5.el5_3.7
  • ruby-mode-0:1.8.1-7.el4_8.3
  • ruby-mode-0:1.8.5-5.el5_3.7
  • ruby-rdoc-0:1.8.5-5.el5_3.7
  • ruby-ri-0:1.8.5-5.el5_3.7
  • ruby-tcltk-0:1.8.1-7.el4_8.3
  • ruby-tcltk-0:1.8.5-5.el5_3.7

Seebug

bulletinFamilyexploit
descriptionApple Mac OS X is a commercial operating system based on BSD. Apple Mac OS X has multiple security issues that remote attackers can exploit for denial of service, arbitrary code execution, privilege escalation and other attacks. CVE-ID: CVE-2007-0740 Under certain conditions, Alias Manager can cause a user to open a malicious file, leading to privilege escalation. CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096: The BIND service has multiple security issues that can lead to denial-of-service attacks. CVE-ID: CVE-2007-0750 CoreGraphics can trigger an overflow when opening a specially crafted PDF file, leading to arbitrary code execution. CVE-ID: CVE-2007-0751 When the daily cleanup script runs, file systems mounted in the /tmp directory can be deleted. CVE-ID: CVE-2007-1558 fetchmail's encryption has a security issue that can lead to disclosure of password information. CVE-ID: CVE-2007-1536 Running the file command on a specially crafted file can lead to arbitrary code execution or denial of service. CVE-ID: CVE-2007-2390 The UPnP IGD code that iChat uses to create port mappings on home NAT gateways has a buffer overflow; a crafted packet can lead to arbitrary code execution. CVE-ID: CVE-2007-0752 The PPP daemon can allow privilege escalation when loading plugins via the command line. CVE-ID: CVE-2006-5467, CVE-2006-6303 The Ruby CGI library has multiple denial-of-service issues. CVE-ID: CVE-2006-4573 GNU Screen has multiple denial-of-service issues. CVE-ID: CVE-2005-3011 texinfo has a vulnerability that allows arbitrary files to be overwritten. CVE-ID: CVE-2007-0753 vpnd has a format string issue that can be used for privilege escalation.
Cosmicperl Directory Pro 10.0.3 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X Preview.app 3.0.8 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0
Updates:
Apple Mac OS X Server 10.3.9
* Apple SecUpdSrvr2007-005Pan.dmg http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13993&cat=1&platform=osx&method=sa/SecUpdSrvr2007-005Pan.dmg
Apple Mac OS X 10.3.9
* Apple SecUpd2007-005Pan.dmg http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13992&cat=1&platform=osx&method=sa/SecUpd2007-005Pan.dmg
Apple Mac OS X Server 10.4.9
* Apple SecUpd2007-005Ti.dmg http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=1&platform=osx&method=sa/SecUpd2007-005Ti.dmg
* Apple SecUpd2007-005Univ.dmg http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=1&platform=osx&method=sa/SecUpd2007-005Univ.dmg
Apple Mac OS X 10.4.9
* Apple SecUpd2007-005Ti.dmg http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=1&platform=osx&method=sa/SecUpd2007-005Ti.dmg
* Apple SecUpd2007-005Univ.dmg http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=1&platform=osx&method=sa/SecUpd2007-005Univ.dmg
idSSV:1795
last seen2017-11-19
modified2007-05-25
published2007-05-25
reporterRoot
titleApple Mac OS X 2007-005 Multiple Security Vulnerabilities

References