diff options
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | fetchmail-SA-2021-02.txt | 22 | ||||
-rw-r--r-- | imap.c | 22 |
3 files changed, 27 insertions, 18 deletions
@@ -97,6 +97,7 @@ fetchmail-6.4.22 (not yet released): TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel. The paper did not mention fetchmail. +* On IMAP connections, --auth ssh no longer prevents STARTTLS negotiation. -------------------------------------------------------------------------------- fetchmail-6.4.21 (released 2021-08-09, 30042 LoC): diff --git a/fetchmail-SA-2021-02.txt b/fetchmail-SA-2021-02.txt index 7c324ed4..c660b4aa 100644 --- a/fetchmail-SA-2021-02.txt +++ b/fetchmail-SA-2021-02.txt @@ -1,9 +1,9 @@ -fetchmail-SA-2021-02: failure to enforce STARTTLS session encryption with IMAP PREAUTH +fetchmail-SA-2021-02: failure to enforce STARTTLS session encryption Topics: fetchmail fails to enforce an encrypted connection Author: Matthias Andree -Version: 0.1 +Version: 0.2 Announced: TBC Type: failure to enforce configured security policy Impact: fetchmail continues an unencrypted connection, @@ -31,6 +31,7 @@ Corrected in: TBC Git commit hash (both needed) 2021-08-10 initial report to maintainer 2021-08-10 0.1 first draft +2021-08-13 0.2 mention --auth ssh defeated STARTTLS 1. Background @@ -49,15 +50,16 @@ regular protocol ports. ================================= fetchmail permits requiring that an IMAP or POP3 protocol exchange uses -a TLS-encrypted transport, in 6.4 by way of an --sslproto auto or similar configuration. +a TLS-encrypted transport, in 6.4 by way of an --sslproto auto or similar +configuration. -This TLS encryption can be establised either as implicit or fully-wrapped +This TLS encryption can be established either as implicit or fully-wrapped connections on dedicated TCP ports for the "secure" variants, or by initiating -a cleartext protocol exchange and then requesting a TLS negotiation in-band. +a clear-text protocol exchange and then requesting a TLS negotiation in-band. IMAP also supports sessions that start in "authenticated state" (PREAUTH). In this latter case, IMAP (RFC-3501) does not permit sending STARTTLS -negotations, which are only permissible in not-authenticated state. +negotiations, which are only permissible in not-authenticated state. In such a combination of circumstances (1. IMAP protocol in use, 2. the server greets with PREAUTH, announcing authenticated state, 3. the user configured TLS @@ -65,7 +67,13 @@ mandatory, 4. the user did not configure "ssl" mode that uses separate ports for implicit SSL/TLS), fetchmail 6.4.21 and older continues with the unencrypted connection, rather than flagging the situation and aborting. -This can cause e-mail and potentially passwords to be exposed to eavesdropping. +Also, a configuration containing --auth ssh (meaning that fetchmail should not +authenticate, on the assumption that the session will be pre-authenticated for +instance through SSH running a PREAUTH mail server with --plugin, or TLS client +certificates), will also defeat STARTTLS as result of an implementation defect. + +This can cause e-mail and in the first case, also potentially passwords, to be +exposed to eavesdropping. 3. Solutions @@ -434,6 +434,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) if (ctl->sslcommonname) commonname = ctl->sslcommonname; +#ifdef SSL_ENABLE /* Defend against a PREAUTH-prevents-STARTTLS attack */ if (preauth && must_starttls(ctl)) { report(stderr, GT_("%s: configuration requires TLS, but STARTTLS is not permitted " @@ -442,17 +443,6 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) return PS_SOCKET; } - /* - * If either (a) we saw a PREAUTH token in the greeting, or - * (b) the user specified ssh preauthentication, then we're done. - */ - if (preauth || ctl->server.authenticate == A_SSH) - { - preauth = FALSE; /* reset for the next session */ - return(PS_SUCCESS); - } - -#ifdef SSL_ENABLE if (maybe_starttls(ctl)) { if ((strstr(capabilities, "STARTTLS") && maybe_starttls(ctl)) || must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */ @@ -512,6 +502,16 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) } #endif /* SSL_ENABLE */ + /* + * If either (a) we saw a PREAUTH token in the greeting, or + * (b) the user specified ssh preauthentication, then we're done. + */ + if (preauth || ctl->server.authenticate == A_SSH) + { + preauth = FALSE; /* reset for the next session */ + return(PS_SUCCESS); + } + /* * Time to authenticate the user. * Try the protocol variants that don't require passwords first. |