+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
fetchmail-SA-2009-01: Improper SSL certificate subject verification
Topics: Improper SSL certificate subject verification
Author: Matthias Andree
Version: 1.0
-Announced: 2009-08-XX
+Announced: 2009-08-06
Type: Allows undetected Man-in-the-middle attacks against SSL/TLS.
Impact: Credential disclose to eavesdroppers.
-Danger: low
-CVSS V2 vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
+Danger: medium
+CVSSv2 vectors: (AV:N/AC:M/Au:N/C:P/I:N/A:N) (E:H/RL:OF/RC:C)
-Credits:
-CVE Name: CVE-2009-xxxx
+CVE Name: CVE-2009-2666
URL: http://www.fetchmail.info/fetchmail-SA-2009-01.txt
Project URL: http://www.fetchmail.info/
-Affects: fetchmail release before and excluding 6.3.11
+Affects: fetchmail releases up to and including 6.3.10
Not affected: fetchmail release 6.3.11 and newer
==================
2009-08-05 0.1 first draft (visible in SVN)
+2009-08-06 1.0 first release
1. Background
Moxie Marlinspike demonstrated in July 2009 that some CAs would sign
certificates that contain embedded NUL characters in the Common Name or
-subjectAltName fields of ITU-T X.509 certificates. Applications what
-would treat such strings in X.509 as NUL-terminated C strings (rather
-than strings that contain an explicit length field) would only
-check the part up to and excluding the NUL character, so that
+subjectAltName fields of ITU-T X.509 certificates.
+
+Applications that would treat such X.509 strings as NUL-terminated C
+strings (rather than strings that contain an explicit length field)
+would only check the part up to and excluding the NUL character, so that
certificate names such as www.good.example\0www.bad.example.com would be
-mistaken as a certificate name for www.good.example. The CA however
-would usually sign example.com and not care about the subdomain.
+mistaken as a certificate name for www.good.example. fetchmail also had
+this design and implementation flaw.
+
+Note that fetchmail should always be forced to use strict certificate
+validation through either of these option combinations:
+
+ --sslcertck --ssl --sslproto ssl3 (for service on SSL-wrapped ports)
+or
+ --sslcertck --sslproto tls1 (for STARTTLS-based services)
+
+(These are for the command line, in the rcfile, you will need to omit
+the respective leading --).
+
+The default is relaxed checking for compatibility with historic versions.
3. Solution
(C) Copyright 2009 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.
-This work is licensed under the Creative Commons
-Attribution-Noncommercial-No Derivative Works 3.0 Germany License.
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
+
To view a copy of this license, visit
-http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to
+http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
+or send a letter to:
Creative Commons
-171 Second Street
-Suite 300
-SAN FRANCISCO, CALIFORNIA 94105
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041
USA
Index: socket.c
===================================================================
---- ./socket.c~
+- --- ./socket.c~
+++ ./socket.c
@@ -632,6 +632,12 @@
report(stderr, GT_("Bad certificate: Subject CommonName too long!\n"));
if (_ssl_server_cname != NULL) {
char *p1 = buf;
char *p2 = _ssl_server_cname;
-@@ -643,14 +649,21 @@
+@@ -643,11 +649,18 @@
* first find a match among alternative names */
gens = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i(x509_cert, NID_subject_alt_name, NULL, NULL);
if (gens) {
-- int i, r;
-- for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) {
-- const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
+- - int i, r;
+- - for (i = 0, r = sk_GENERAL_NAME_num(gens); i < r; ++i) {
+- - const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
+ int j, r;
+ for (j = 0, r = sk_GENERAL_NAME_num(gens); j < r; ++j) {
+ const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, j);
+ return 0;
+ }
if (outlevel >= O_VERBOSE)
-- report(stderr, "Subject Alternative Name: %s\n", p1);
-+ report(stdout, GT_("Subject Alternative Name: %s\n"), p1);
- if (*p1 == '*') {
- ++p1;
- n = strlen(p2) - strlen(p1);
+ report(stderr, "Subject Alternative Name: %s\n", p1);
END OF fetchmail-SA-2009-01.txt
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZUQ7ACgheMkM4k7NLg6cz8ys3jk9C/P
+uxgAnRzc38wIDR+8Pio9CmDLheOcuskK
+=OYqf
+-----END PGP SIGNATURE-----