X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=fetchmail-SA-2009-01.txt;h=eb50a9e822d9ba9e84b3367936f331704bbbfc7c;hb=4260a265b2da01ba1a9757ffb2693db898349ecc;hp=06b7a9c572881e7f022c6e4024a0014a2f3a9896;hpb=3341cc4c85b751239db0fd9f3800f71a16d6cdc9;p=~andy%2Ffetchmail diff --git a/fetchmail-SA-2009-01.txt b/fetchmail-SA-2009-01.txt index 06b7a9c5..eb50a9e8 100644 --- a/fetchmail-SA-2009-01.txt +++ b/fetchmail-SA-2009-01.txt @@ -1,21 +1,23 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2009-01: Improper SSL certificate subject verification Topics: Improper SSL certificate subject verification Author: Matthias Andree Version: 1.0 -Announced: 2009-08-XX +Announced: 2009-08-06 Type: Allows undetected Man-in-the-middle attacks against SSL/TLS. Impact: Credential disclose to eavesdroppers. -Danger: low -CVSS V2 vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C) +Danger: medium +CVSSv2 vectors: (AV:N/AC:M/Au:N/C:P/I:N/A:N) (E:H/RL:OF/RC:C) -Credits: -CVE Name: CVE-2009-xxxx +CVE Name: CVE-2009-2666 URL: http://www.fetchmail.info/fetchmail-SA-2009-01.txt Project URL: http://www.fetchmail.info/ -Affects: fetchmail release before and excluding 6.3.11 +Affects: fetchmail releases up to and including 6.3.10 Not affected: fetchmail release 6.3.11 and newer @@ -33,6 +35,7 @@ References: "Null Prefix Attacks Against SSL/TLS Certificates", ================== 2009-08-05 0.1 first draft (visible in SVN) +2009-08-06 1.0 first release 1. Background @@ -50,13 +53,26 @@ run time. Moxie Marlinspike demonstrated in July 2009 that some CAs would sign certificates that contain embedded NUL characters in the Common Name or -subjectAltName fields of ITU-T X.509 certificates. Applications what -would treat such strings in X.509 as NUL-terminated C strings (rather -than strings that contain an explicit length field) would only -check the part up to and excluding the NUL character, so that +subjectAltName fields of ITU-T X.509 certificates. + +Applications that would treat such X.509 strings as NUL-terminated C +strings (rather than strings that contain an explicit length field) +would only check the part up to and excluding the NUL character, so that certificate names such as www.good.example\0www.bad.example.com would be -mistaken as a certificate name for www.good.example. The CA however -would usually sign example.com and not care about the subdomain. +mistaken as a certificate name for www.good.example. fetchmail also had +this design and implementation flaw. + +Note that fetchmail should always be forced to use strict certificate +validation through either of these option combinations: + + --sslcertck --ssl --sslproto ssl3 (for service on SSL-wrapped ports) +or + --sslcertck --sslproto tls1 (for STARTTLS-based services) + +(These are for the command line, in the rcfile, you will need to omit +the respective leading --). + +The default is relaxed checking for compatibility with historic versions. 3. Solution @@ -86,15 +102,17 @@ A. Copyright, License and Warranty (C) Copyright 2009 by Matthias Andree, . Some rights reserved. -This work is licensed under the Creative Commons -Attribution-Noncommercial-No Derivative Works 3.0 Germany License. +This work is licensed under the +Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0). + To view a copy of this license, visit -http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to +http://creativecommons.org/licenses/by-nd/3.0/de/deed.en +or send a letter to: Creative Commons -171 Second Street -Suite 300 -SAN FRANCISCO, CALIFORNIA 94105 +444 Castro Street +Suite 900 +MOUNTAIN VIEW, CALIFORNIA 94041 USA @@ -116,7 +134,7 @@ so try this if the patch does not apply. Index: socket.c =================================================================== ---- ./socket.c~ +- --- ./socket.c~ +++ ./socket.c @@ -632,6 +632,12 @@ report(stderr, GT_("Bad certificate: Subject CommonName too long!\n")); @@ -131,13 +149,13 @@ Index: socket.c if (_ssl_server_cname != NULL) { char *p1 = buf; char *p2 = _ssl_server_cname; -@@ -643,14 +649,21 @@ +@@ -643,11 +649,18 @@ * first find a match among alternative names */ gens = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i(x509_cert, NID_subject_alt_name, NULL, NULL); if (gens) { -- int i, r; -- for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) { -- const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i); +- - int i, r; +- - for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) { +- - const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i); + int j, r; + for (j = 0, r = sk_GENERAL_NAME_num(gens); j < r; ++j) { + const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, j); @@ -152,10 +170,13 @@ Index: socket.c + return 0; + } if (outlevel >= O_VERBOSE) -- report(stderr, "Subject Alternative Name: %s\n", p1); -+ report(stdout, GT_("Subject Alternative Name: %s\n"), p1); - if (*p1 == '*') { - ++p1; - n = strlen(p2) - strlen(p1); + report(stderr, "Subject Alternative Name: %s\n", p1); END OF fetchmail-SA-2009-01.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZUQ7ACgheMkM4k7NLg6cz8ys3jk9C/P +uxgAnRzc38wIDR+8Pio9CmDLheOcuskK +=OYqf +-----END PGP SIGNATURE-----