/** \file fetchmail.h header file for fetchmail */ #ifndef _FETCHMAIL_H #define _FETCHMAIL_H /* * For license terms, see the file COPYING in this directory. */ /* We need this for HAVE_STDARG_H, etc */ #include "config.h" /* We need this for size_t */ #include /* We need this for time_t */ #if TIME_WITH_SYS_TIME # include # include #else # if HAVE_SYS_TIME_H # include # else # include # endif #endif #include /* Import Trio if needed */ #if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) # include "trio/trio.h" #endif /* We need this for strstr */ #if !defined(HAVE_STRSTR) && !defined(strstr) char *strstr(const char *, const char *); #endif /* constants designating the various supported protocols */ #define P_AUTO 1 #define P_POP2 2 #define P_POP3 3 #define P_APOP 4 #define P_RPOP 5 #define P_IMAP 6 #define P_ETRN 7 #define P_ODMR 8 #define SMTP_PORT "smtp" #define SMTP_PORT_NUM 25 #define KPOP_PORT "kpop" #ifdef SSL_ENABLE #define SIMAP_PORT 993 #define SPOP3_PORT 995 #endif /* * We need to distinguish between mailbox and mailbag protocols. * Under a mailbox protocol wwe're pulling mail for a speecific user. * Under a mailbag protocol we're fetching mail for an entire domain. */ #define MAILBOX_PROTOCOL(ctl) ((ctl)->server.protocol < P_ETRN) /* authentication types */ #define A_ANY 0 /* use the first method that works */ #define A_PASSWORD 1 /* password authentication */ #define A_NTLM 2 /* Microsoft NTLM protocol */ #define A_CRAM_MD5 3 /* CRAM-MD5 shrouding (RFC2195) */ #define A_OTP 4 /* One-time password (RFC1508) */ #define A_KERBEROS_V4 5 /* authenticate w/ Kerberos V4 */ #define A_KERBEROS_V5 6 /* authenticate w/ Kerberos V5 */ #define A_GSSAPI 7 /* authenticate with GSSAPI */ #define A_SSH 8 /* authentication at session level */ #define A_MSN 9 /* same as NTLM with keyword MSN */ /* some protocols or authentication types (KERBEROS, GSSAPI, SSH) don't * require a password */ #define NO_PASSWORD(ctl) \ ((ctl)->server.authenticate == A_OTP \ || (ctl)->server.authenticate == A_KERBEROS_V4 \ || (ctl)->server.authenticate == A_KERBEROS_V5 \ || (ctl)->server.authenticate == A_GSSAPI \ || (ctl)->server.authenticate == A_SSH \ || (ctl)->server.protocol == P_ETRN) /* * Definitions for buffer sizes. We get little help on setting maxima * from IMAP RFCs up to 2060, so these are mostly from POP3. */ #define HOSTLEN 635 /* max hostname length (RFC1123) */ #define POPBUFSIZE 512 /* max length of response (RFC1939) */ #define IDLEN 128 /* max length of UID (RFC1939) */ /* per RFC1939 this should be 40, but Microsoft Exchange ignores that limit */ #define USERNAMELEN 128 /* max POP3 arg length */ /* clear a netBSD kernel parameter out of the way */ #undef MSGBUFSIZE /* * The RFC822 limit on message line size is just 998. But * make this *way* oversized; idiot DOS-world mailers that * don't line-wrap properly often ship entire paragraphs as * lines. */ #define MSGBUFSIZE 8192 #define NAMELEN 64 /* max username length */ #define PASSWORDLEN 64 /* max password length */ #define DIGESTLEN 33 /* length of MD5 digest */ /* exit code values */ #define PS_SUCCESS 0 /* successful receipt of messages */ #define PS_NOMAIL 1 /* no mail available */ #define PS_SOCKET 2 /* socket I/O woes */ #define PS_AUTHFAIL 3 /* user authorization failed */ #define PS_PROTOCOL 4 /* protocol violation */ #define PS_SYNTAX 5 /* command-line syntax error */ #define PS_IOERR 6 /* bad permissions on rc file */ #define PS_ERROR 7 /* protocol error */ #define PS_EXCLUDE 8 /* client-side exclusion error */ #define PS_LOCKBUSY 9 /* server responded lock busy */ #define PS_SMTP 10 /* SMTP error */ #define PS_DNS 11 /* fatal DNS error */ #define PS_BSMTP 12 /* output batch could not be opened */ #define PS_MAXFETCH 13 /* poll ended by fetch limit */ #define PS_SERVBUSY 14 /* server is busy */ /* leave space for more codes */ #define PS_UNDEFINED 23 /* something I hadn't thought of */ #define PS_TRANSIENT 24 /* transient failure (internal use) */ #define PS_REFUSED 25 /* mail refused (internal use) */ #define PS_RETAINED 26 /* message retained (internal use) */ #define PS_TRUNCATED 27 /* headers incomplete (internal use) */ #define PS_REPOLL 28 /* repoll immediately with changed parameters (internal use) */ #define PS_IDLETIMEOUT 29 /* timeout on imap IDLE (internal use) */ /* output noise level */ #define O_SILENT 0 /* mute, max squelch, etc. */ #define O_NORMAL 1 /* user-friendly */ #define O_VERBOSE 2 /* chatty */ #define O_DEBUG 3 /* prolix */ #define O_MONITOR O_VERBOSE #define SIZETICKER 1024 /* print 1 dot per this many bytes */ /* * We #ifdef this and use flag rather than bool * to avoid a type clash with curses.h */ #ifndef TRUE #define FALSE 0 #define TRUE 1 #endif /* TRUE */ typedef char flag; /* we need to use zero as a flag-uninitialized value */ #define FLAG_TRUE 2 #define FLAG_FALSE 1 struct runctl { char *logfile; char *idfile; int poll_interval; char *postmaster; flag bouncemail; flag spambounce; char *properties; flag use_syslog; flag invisible; flag showdots; }; struct idlist { unsigned char *id; union { struct { int num; flag mark; /* UID-index information */ #define UID_UNSEEN 0 /* hasn't been seen */ #define UID_SEEN 1 /* seen, but not deleted */ #define UID_DELETED 2 /* this message has been deleted */ #define UID_EXPUNGED 3 /* this message has been expunged */ } status; unsigned char *id2; } val; struct idlist *next; }; struct query; struct method /* describe methods for protocol state machine */ { const char *name; /* protocol name */ const char *service; /* service port (unencrypted) */ const char *sslservice; /* service port (SSL) */ flag tagged; /* if true, generate & expect command tags */ flag delimited; /* if true, accept "." message delimiter */ int (*parse_response)(int, char *); /* response_parsing function */ int (*getauth)(int, struct query *, char *); /* authorization fetcher */ int (*getrange)(int, struct query *, const char *, int *, int *, int *); /* get message range to fetch */ int (*getsizes)(int, int, int *); /* get sizes of messages */ int (*getpartialsizes)(int, int, int, int *); /* get sizes of subset of messages */ int (*is_old)(int, struct query *, int); /* check for old me
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
 <HEAD>
   <TITLE> [fetchmail-devel] Security vulnerability in APOP authentication
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:fetchmail-devel%40lists.berlios.de?Subject=Re%3A%20%5Bfetchmail-devel%5D%20Security%20vulnerability%20in%20APOP%20authentication&In-Reply-To=%3Cqlkbqirheq7.fsf%40clipper.ens.fr%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <style type="text/css">
       pre {
           white-space: pre-wrap;       /* css-2.1, curent FF, Opera, Safari */
           }
   </style>
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="000884.html">
   <LINK REL="Next"  HREF="000889.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[fetchmail-devel] Security vulnerability in APOP authentication</H1>
    <B>Ga&#235;tan LEURENT</B> 
    <A HREF="mailto:fetchmail-devel%40lists.berlios.de?Subject=Re%3A%20%5Bfetchmail-devel%5D%20Security%20vulnerability%20in%20APOP%20authentication&In-Reply-To=%3Cqlkbqirheq7.fsf%40clipper.ens.fr%3E"
       TITLE="[fetchmail-devel] Security vulnerability in APOP authentication">gaetan.leurent at ens.fr
       </A><BR>
    <I>Wed Mar 14 15:55:08 CET 2007</I>
    <P><UL>
        <LI>Previous message: <A HREF="000884.html">[fetchmail-devel] Bug#413059: --sslcheck - non-existent option	in the man page
</A></li>
        <LI>Next message: <A HREF="000889.html">[fetchmail-devel] Security vulnerability in APOP authentication
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#887">[ date ]</a>
              <a href="thread.html#887">[ thread ]</a>
              <a href="subject.html#887">[ subject ]</a>
              <a href="author.html#887">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>Hello,

I found a security vulnerability in the APOP authentication.  It is
related to recent collision attacks by Wang and al. against MD5.  The
basic idea is to craft a pair of message-ids that will collide in the
APOP hash if the password begins in a specified way.  So the attacker
would impersonate a POP server, and send these msg-id; the client will
return the hash, and the attacker can learn some password characters.

The msg-ids will be generated from a MD5 collision: if you have two
colliding messages for MD5 &quot;&lt;????@????&gt;x&quot; and &quot;&lt;&#191;&#191;&#191;&#191;@&#191;&#191;&#191;&#191;&gt;x&quot;, and the
message are of length two blocks, then you will use &quot;&lt;????@????&gt;&quot; and
&quot;&lt;&#191;&#191;&#191;&#191;@&#191;&#191;&#191;&#191;&gt;&quot; as msg-ids.  When the client computes MD5(msg-id||passwd)
with these two, it will collide if the first password character if 'x',
no matter what is next (since we are at a block boundary, and the end of
the password will be the same in the two hashs).  Therefore you can
learn the password characters one by one (actually you can only recover
three of them, due to the way MD5 collisions are computed).

This attack is really a practical one: it needs about an hour of
computation and a few hundred authentications from the client, and can
recover three password characters.  I tested it against fetchmail, and
it does work.

However, using the current techniques available to attack MD5, the
msg-ids sent by the server can easily be distinguished from genuine ones
as they will not respect the RFC specification.  In particular, they
will contain non-ASCII characters.  Therefore, as a security
countermeasure, I think fetchmail should reject msg-ids that does not
conform to the RFC.

The details of the attack and the new results against MD5 needed to
build it will be presented in the Fast Software Encryption conference on
March 28.  I can send you some more details if needed.

Meanwhile, feel free to alert any one that you believe is concerned.
I am already sending this mail to the maintainers of Thunderbird,
Evolution, fetchmail, and mutt.  KMail already seems to do enough checks
on the msg-id to avoid the attack.

Please CC me in any reply.

-- 
Ga&#235;tan LEURENT

</PRE>

<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="000884.html">[fetchmail-devel] Bug#413059: --sslcheck - non-existent option	in the man page
</A></li>
	<LI>Next message: <A HREF="000889.html">[fetchmail-devel] Security vulnerability in APOP authentication
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#887">[ date ]</a>
              <a href="thread.html#887">[ thread ]</a>
              <a href="subject.html#887">[ subject ]</a>
              <a href="author.html#887">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="https://lists.berlios.de/mailman/listinfo/fetchmail-devel">More information about the fetchmail-devel
mailing list</a><br>
</body></html>