Note Earl's regression fix for SSL_CTX_clear_options() on older OpenSSL.

[~andy/fetchmail] / fetchmail-SA-2009-01.txt

diff --git a/fetchmail-SA-2009-01.txt b/fetchmail-SA-2009-01.txt
index 06b7a9c572881e7f022c6e4024a0014a2f3a9896..eb50a9e822d9ba9e84b3367936f331704bbbfc7c 100644 (file)
--- a/fetchmail-SA-2009-01.txt
+++ b/fetchmail-SA-2009-01.txt
@@ -1,21 +1,23 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+

 fetchmail-SA-2009-01: Improper SSL certificate subject verification
 
 Topics:                Improper SSL certificate subject verification
 
 Author:                Matthias Andree
 Version:       1.0
 fetchmail-SA-2009-01: Improper SSL certificate subject verification
 
 Topics:                Improper SSL certificate subject verification
 
 Author:                Matthias Andree
 Version:       1.0

-Announced:     2009-08-XX
+Announced:     2009-08-06

 Type:          Allows undetected Man-in-the-middle attacks against SSL/TLS.
 Impact:                Credential disclose to eavesdroppers.
 Type:          Allows undetected Man-in-the-middle attacks against SSL/TLS.
 Impact:                Credential disclose to eavesdroppers.

-Danger:                low
-CVSS V2 vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
+Danger:                medium
+CVSSv2 vectors:        (AV:N/AC:M/Au:N/C:P/I:N/A:N) (E:H/RL:OF/RC:C)

 
 

-Credits:       
-CVE Name:      CVE-2009-xxxx
+CVE Name:      CVE-2009-2666

 URL:           http://www.fetchmail.info/fetchmail-SA-2009-01.txt
 Project URL:   http://www.fetchmail.info/
 
 URL:           http://www.fetchmail.info/fetchmail-SA-2009-01.txt
 Project URL:   http://www.fetchmail.info/
 

-Affects:       fetchmail release before and excluding 6.3.11
+Affects:       fetchmail releases up to and including 6.3.10

 
 Not affected:  fetchmail release 6.3.11 and newer
 
 
 Not affected:  fetchmail release 6.3.11 and newer
 


@@ -33,6 +35,7 @@ References:   "Null Prefix Attacks Against SSL/TLS Certificates",
 ==================
 
 2009-08-05 0.1 first draft (visible in SVN)
 ==================
 
 2009-08-05 0.1 first draft (visible in SVN)

+2009-08-06 1.0 first release

 
 
 1. Background
 
 
 1. Background


@@ -50,13 +53,26 @@ run time.
 
 Moxie Marlinspike demonstrated in July 2009 that some CAs would sign
 certificates that contain embedded NUL characters in the Common Name or
 
 Moxie Marlinspike demonstrated in July 2009 that some CAs would sign
 certificates that contain embedded NUL characters in the Common Name or

-subjectAltName fields of ITU-T X.509 certificates. Applications what
-would treat such strings in X.509 as NUL-terminated C strings (rather
-than strings that contain an explicit length field) would only
-check the part up to and excluding the NUL character, so that
+subjectAltName fields of ITU-T X.509 certificates.
+
+Applications that would treat such X.509 strings as NUL-terminated C
+strings (rather than strings that contain an explicit length field)
+would only check the part up to and excluding the NUL character, so that

 certificate names such as www.good.example\0www.bad.example.com would be
 certificate names such as www.good.example\0www.bad.example.com would be

-mistaken as a certificate name for www.good.example. The CA however
-would usually sign example.com and not care about the subdomain.
+mistaken as a certificate name for www.good.example.  fetchmail also had
+this design and implementation flaw.
+
+Note that fetchmail should always be forced to use strict certificate
+validation through either of these option combinations:
+
+    --sslcertck --ssl --sslproto ssl3    (for service on SSL-wrapped ports)
+or
+    --sslcertck --sslproto tls1          (for STARTTLS-based services)
+
+(These are for the command line, in the rcfile, you will need to omit
+the respective leading --).
+
+The default is relaxed checking for compatibility with historic versions.

 
 
 3. Solution
 
 
 3. Solution


@@ -86,15 +102,17 @@ A. Copyright, License and Warranty
 (C) Copyright 2009 by Matthias Andree, <matthias.andree@gmx.de>.
 Some rights reserved.
 
 (C) Copyright 2009 by Matthias Andree, <matthias.andree@gmx.de>.
 Some rights reserved.
 

-This work is licensed under the Creative Commons
-Attribution-Noncommercial-No Derivative Works 3.0 Germany License.
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
+

 To view a copy of this license, visit
 To view a copy of this license, visit

-http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to
+http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
+or send a letter to:

 
 Creative Commons
 
 Creative Commons

-171 Second Street
-Suite 300
-SAN FRANCISCO, CALIFORNIA 94105
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041

 USA
 
 
 USA
 
 


@@ -116,7 +134,7 @@ so try this if the patch does not apply.
 
 Index: socket.c
 ===================================================================
 
 Index: socket.c
 ===================================================================

---- ./socket.c~
+- --- ./socket.c~

 +++ ./socket.c
 @@ -632,6 +632,12 @@
                                report(stderr, GT_("Bad certificate: Subject CommonName too long!\n"));
 +++ ./socket.c
 @@ -632,6 +632,12 @@
                                report(stderr, GT_("Bad certificate: Subject CommonName too long!\n"));


@@ -131,13 +149,13 @@ Index: socket.c
                        if (_ssl_server_cname != NULL) {
                                char *p1 = buf;
                                char *p2 = _ssl_server_cname;
                        if (_ssl_server_cname != NULL) {
                                char *p1 = buf;
                                char *p2 = _ssl_server_cname;

-@@ -643,14 +649,21 @@
+@@ -643,11 +649,18 @@

                                 * first find a match among alternative names */
                                gens = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i(x509_cert, NID_subject_alt_name, NULL, NULL);
                                if (gens) {
                                 * first find a match among alternative names */
                                gens = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i(x509_cert, NID_subject_alt_name, NULL, NULL);
                                if (gens) {

--                                      int i, r;
--                                      for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) {
--                                              const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
+- -                                    int i, r;
+- -                                    for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) {
+- -                                            const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);

 +                                      int j, r;
 +                                      for (j = 0, r = sk_GENERAL_NAME_num(gens); j < r; ++j) {
 +                                              const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, j);
 +                                      int j, r;
 +                                      for (j = 0, r = sk_GENERAL_NAME_num(gens); j < r; ++j) {
 +                                              const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, j);


@@ -152,10 +170,13 @@ Index: socket.c
 +                                                              return 0;
 +                                                      }
                                                        if (outlevel >= O_VERBOSE)
 +                                                              return 0;
 +                                                      }
                                                        if (outlevel >= O_VERBOSE)

--                                                              report(stderr, "Subject Alternative Name: %s\n", p1);
-+                                                              report(stdout, GT_("Subject Alternative Name: %s\n"), p1);
-                                                       if (*p1 == '*') {
-                                                               ++p1;
-                                                               n = strlen(p2) - strlen(p1);
+                                                               report(stderr, "Subject Alternative Name: %s\n", p1);

 
 END OF fetchmail-SA-2009-01.txt
 
 END OF fetchmail-SA-2009-01.txt

+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZUQ7ACgheMkM4k7NLg6cz8ys3jk9C/P
+uxgAnRzc38wIDR+8Pio9CmDLheOcuskK
+=OYqf
+-----END PGP SIGNATURE-----