aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--NEWS1
-rw-r--r--fetchmail-SA-2021-02.txt22
-rw-r--r--imap.c22
3 files changed, 27 insertions, 18 deletions
diff --git a/NEWS b/NEWS
index 2d51b6e7..9ab3f065 100644
--- a/NEWS
+++ b/NEWS
@@ -97,6 +97,7 @@ fetchmail-6.4.22 (not yet released):
TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email
Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian
Schinzel. The paper did not mention fetchmail.
+* On IMAP connections, --auth ssh no longer prevents STARTTLS negotiation.
--------------------------------------------------------------------------------
fetchmail-6.4.21 (released 2021-08-09, 30042 LoC):
diff --git a/fetchmail-SA-2021-02.txt b/fetchmail-SA-2021-02.txt
index 7c324ed4..c660b4aa 100644
--- a/fetchmail-SA-2021-02.txt
+++ b/fetchmail-SA-2021-02.txt
@@ -1,9 +1,9 @@
-fetchmail-SA-2021-02: failure to enforce STARTTLS session encryption with IMAP PREAUTH
+fetchmail-SA-2021-02: failure to enforce STARTTLS session encryption
Topics: fetchmail fails to enforce an encrypted connection
Author: Matthias Andree
-Version: 0.1
+Version: 0.2
Announced: TBC
Type: failure to enforce configured security policy
Impact: fetchmail continues an unencrypted connection,
@@ -31,6 +31,7 @@ Corrected in: TBC Git commit hash (both needed)
2021-08-10 initial report to maintainer
2021-08-10 0.1 first draft
+2021-08-13 0.2 mention --auth ssh defeated STARTTLS
1. Background
@@ -49,15 +50,16 @@ regular protocol ports.
=================================
fetchmail permits requiring that an IMAP or POP3 protocol exchange uses
-a TLS-encrypted transport, in 6.4 by way of an --sslproto auto or similar configuration.
+a TLS-encrypted transport, in 6.4 by way of an --sslproto auto or similar
+configuration.
-This TLS encryption can be establised either as implicit or fully-wrapped
+This TLS encryption can be established either as implicit or fully-wrapped
connections on dedicated TCP ports for the "secure" variants, or by initiating
-a cleartext protocol exchange and then requesting a TLS negotiation in-band.
+a clear-text protocol exchange and then requesting a TLS negotiation in-band.
IMAP also supports sessions that start in "authenticated state" (PREAUTH).
In this latter case, IMAP (RFC-3501) does not permit sending STARTTLS
-negotations, which are only permissible in not-authenticated state.
+negotiations, which are only permissible in not-authenticated state.
In such a combination of circumstances (1. IMAP protocol in use, 2. the server
greets with PREAUTH, announcing authenticated state, 3. the user configured TLS
@@ -65,7 +67,13 @@ mandatory, 4. the user did not configure "ssl" mode that uses separate ports
for implicit SSL/TLS), fetchmail 6.4.21 and older continues with the
unencrypted connection, rather than flagging the situation and aborting.
-This can cause e-mail and potentially passwords to be exposed to eavesdropping.
+Also, a configuration containing --auth ssh (meaning that fetchmail should not
+authenticate, on the assumption that the session will be pre-authenticated for
+instance through SSH running a PREAUTH mail server with --plugin, or TLS client
+certificates), will also defeat STARTTLS as result of an implementation defect.
+
+This can cause e-mail and in the first case, also potentially passwords, to be
+exposed to eavesdropping.
3. Solutions
diff --git a/imap.c b/imap.c
index 3b74f6f6..50e28a5a 100644
--- a/imap.c
+++ b/imap.c
@@ -434,6 +434,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
if (ctl->sslcommonname)
commonname = ctl->sslcommonname;
+#ifdef SSL_ENABLE
/* Defend against a PREAUTH-prevents-STARTTLS attack */
if (preauth && must_starttls(ctl)) {
report(stderr, GT_("%s: configuration requires TLS, but STARTTLS is not permitted "
@@ -442,17 +443,6 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
return PS_SOCKET;
}
- /*
- * If either (a) we saw a PREAUTH token in the greeting, or
- * (b) the user specified ssh preauthentication, then we're done.
- */
- if (preauth || ctl->server.authenticate == A_SSH)
- {
- preauth = FALSE; /* reset for the next session */
- return(PS_SUCCESS);
- }
-
-#ifdef SSL_ENABLE
if (maybe_starttls(ctl)) {
if ((strstr(capabilities, "STARTTLS") && maybe_starttls(ctl))
|| must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */
@@ -512,6 +502,16 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
}
#endif /* SSL_ENABLE */
+ /*
+ * If either (a) we saw a PREAUTH token in the greeting, or
+ * (b) the user specified ssh preauthentication, then we're done.
+ */
+ if (preauth || ctl->server.authenticate == A_SSH)
+ {
+ preauth = FALSE; /* reset for the next session */
+ return(PS_SUCCESS);
+ }
+
/*
* Time to authenticate the user.
* Try the protocol variants that don't require passwords first.