aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--NEWS6
-rw-r--r--fetchmail-SA-2021-02.txt32
-rw-r--r--pop3.c74
3 files changed, 69 insertions, 43 deletions
diff --git a/NEWS b/NEWS
index 3f17f216..cf955bbe 100644
--- a/NEWS
+++ b/NEWS
@@ -101,9 +101,13 @@ fetchmail-6.4.22 (not yet released):
TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email
Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian
Schinzel. The paper did not mention fetchmail.
-* On IMAP connections, --auth ssh no longer prevents STARTTLS negotiation.
+* On IMAP and POP3 connections, --auth ssh no longer prevents STARTTLS
+ negotiation.
* On IMAP connections, do not permit to override a server-side LOGINDISABLED
with --auth password any more.
+* On POP3 connections, the possibility for RPA authentication (by probing with
+ an AUTH command without arguments) no longer prevents STARTTLS negotiation.
+* For POP3 connections, RPA is only attempted if the authentication type is any.
# BUG FIXES:
* On IMAP connections, when AUTHENTICATE EXTERNAL fails and we have received the
diff --git a/fetchmail-SA-2021-02.txt b/fetchmail-SA-2021-02.txt
index c660b4aa..ffa2a3d4 100644
--- a/fetchmail-SA-2021-02.txt
+++ b/fetchmail-SA-2021-02.txt
@@ -3,7 +3,7 @@ fetchmail-SA-2021-02: failure to enforce STARTTLS session encryption
Topics: fetchmail fails to enforce an encrypted connection
Author: Matthias Andree
-Version: 0.2
+Version: 0.3
Announced: TBC
Type: failure to enforce configured security policy
Impact: fetchmail continues an unencrypted connection,
@@ -32,6 +32,9 @@ Corrected in: TBC Git commit hash (both needed)
2021-08-10 initial report to maintainer
2021-08-10 0.1 first draft
2021-08-13 0.2 mention --auth ssh defeated STARTTLS
+2021-08-14 0.3 mention POP3 RPA defeated STARTTLS, and
+ make explicit that --auth ssh applied to
+ IMAP and POP3 alike.
1. Background
@@ -60,17 +63,24 @@ a clear-text protocol exchange and then requesting a TLS negotiation in-band.
IMAP also supports sessions that start in "authenticated state" (PREAUTH).
In this latter case, IMAP (RFC-3501) does not permit sending STARTTLS
negotiations, which are only permissible in not-authenticated state.
-
-In such a combination of circumstances (1. IMAP protocol in use, 2. the server
-greets with PREAUTH, announcing authenticated state, 3. the user configured TLS
-mandatory, 4. the user did not configure "ssl" mode that uses separate ports
-for implicit SSL/TLS), fetchmail 6.4.21 and older continues with the
-unencrypted connection, rather than flagging the situation and aborting.
+ In such a combination of circumstances (1. IMAP protocol in use, 2. the
+server greets with PREAUTH, announcing authenticated state, 3. the user
+configured TLS mandatory, 4. the user did not configure "ssl" mode that uses
+separate ports for implicit SSL/TLS), fetchmail 6.4.21 and older continues
+with the unencrypted connection, rather than reporting and aborting.
+
+A similar situation is encountered for POP3: if the remote name contains
+@compuserve.com, the server supports a non-standard "AUTH" command without
+mechanism argument and responds with a list that contains "RPA" (also in
+mixed or lower case), then fetchmail will not attempt STARTTLS. While the
+password itself is then protected by the RPA scheme (which employs MD5 however),
+the session as a whole is not protected by TLS.
Also, a configuration containing --auth ssh (meaning that fetchmail should not
authenticate, on the assumption that the session will be pre-authenticated for
-instance through SSH running a PREAUTH mail server with --plugin, or TLS client
+instance through SSH running a mail server with --plugin, or TLS client
certificates), will also defeat STARTTLS as result of an implementation defect.
+This affected both POP3 and IMAP.
This can cause e-mail and in the first case, also potentially passwords, to be
exposed to eavesdropping.
@@ -89,10 +99,10 @@ https://gitlab.com/fetchmail/fetchmail/-/tree/legacy_64 (primary)
https://sourceforge.net/p/fetchmail/git/ci/legacy_64/tree/ (copy)
-3b. Alternatively, where the IMAP server supports this form of access,
+3b. Alternatively, where the IMAP or POP3 server supports this form of access,
fetchmail can be configured to "ssl" mode, meaning it will connect to
-a dedicated port (default: 993 for IMAP) and negotiate TLS without
-prior clear-text protocol exchange.
+a dedicated port (default: 993 for IMAP, 995 for POP3) and negotiate TLS
+without prior clear-text protocol exchange.
Also, --ssl can be given on the command line, which switches all
configured server statements to this ssl mode.
diff --git a/pop3.c b/pop3.c
index c2238b72..430ff8d7 100644
--- a/pop3.c
+++ b/pop3.c
@@ -332,9 +332,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
}
peek_capable = 0;
}
- if (ctl->server.authenticate == A_SSH) {
- return PS_SUCCESS;
- }
#ifdef SDPS_ENABLE
/*
@@ -348,33 +345,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
switch (ctl->server.protocol) {
case P_POP3:
-#ifdef RPA_ENABLE
- /* XXX FIXME: AUTH probing (RFC1734) should become global */
- /* CompuServe POP3 Servers as of 990730 want AUTH first for RPA */
- if (strstr(ctl->remotename, "@compuserve.com"))
- {
- /* AUTH command should return a list of available mechanisms */
- if (gen_transact(sock, "AUTH") == 0)
- {
- char buffer[10];
- flag has_rpa = FALSE;
-
- while ((ok = gen_recv(sock, buffer, sizeof(buffer))) == 0)
- {
- if (DOTLINE(buffer))
- break;
- if (strncasecmp(buffer, "rpa", 3) == 0)
- has_rpa = TRUE;
- }
- if (has_rpa && !POP3_auth_rpa(ctl->remotename,
- ctl->password, sock))
- return(PS_SUCCESS);
- }
-
- return(PS_AUTHFAIL);
- }
-#endif /* RPA_ENABLE */
-
/*
* CAPA command may return a list including available
* authentication mechanisms and STLS capability.
@@ -500,7 +470,49 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
} /* maybe_starttls() */
#endif /* SSL_ENABLE */
- /*
+ if (ctl->server.authenticate == A_SSH) {
+ return PS_SUCCESS;
+ }
+
+#ifdef RPA_ENABLE
+ /* XXX FIXME: AUTH probing (RFC1734) should become global */
+ /* CompuServe POP3 Servers as of 990730 want AUTH first for RPA */
+ if (strstr(ctl->remotename, "@compuserve.com")
+ && ctl->server.authenticate == A_ANY)
+ {
+ /* AUTH command should return a list of available mechanisms. */
+ /* 2021 update: it is unclear which software still supports RPA these days.
+ This behavior (AUTH without a method argument, to query)
+ is not sanctioned by RFC-1734 but was/is apparently
+ supported by Compuserve and Microsoft for their NTLM:
+ https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-pop3/cb6829e1-d6f4-447b-9092-2671a257563c
+ */
+ if (gen_transact(sock, "AUTH") == 0)
+ {
+ char buffer[10];
+ flag has_rpa = FALSE;
+ int err;
+
+ while ((err = gen_recv(sock, buffer, sizeof(buffer))) == 0)
+ {
+ if (DOTLINE(buffer))
+ break;
+ if (strncasecmp(buffer, "rpa", 3) == 0)
+ has_rpa = TRUE;
+ }
+ if (err) {
+ return err;
+ }
+ if (has_rpa && !POP3_auth_rpa(ctl->remotename,
+ ctl->password, sock))
+ return PS_SUCCESS;
+ }
+
+ return PS_AUTHFAIL;
+ }
+#endif /* RPA_ENABLE */
+
+/*
* OK, we have an authentication type now.
*/
#if defined(KERBEROS_V4)