Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
mutt.30624
3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01.patch of Package mutt.30624
From 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 Mon Sep 17 00:00:00 2001 From: Kevin McCarthy <kevin@8t8.us> Date: Sun, 14 Jun 2020 11:30:00 -0700 Subject: [PATCH] Prevent possible IMAP MITM via PREAUTH response. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is similar to CVE-2014-2567 and CVE-2020-12398. STARTTLS is not allowed in the Authenticated state, so previously Mutt would implicitly mark the connection as authenticated and skip any encryption checking/enabling. No credentials are exposed, but it does allow messages to be sent to an attacker, via postpone or fcc'ing for instance. Reuse the $ssl_starttls quadoption "in reverse" to prompt to abort the connection if it is unencrypted. Thanks very much to Damian Poddebniak and Fabian Ising from the Münster University of Applied Sciences for reporting this issue, and their help in testing the fix. --- imap/imap.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git imap/imap.c imap/imap.c index 63362176..3ca10df4 100644 --- imap/imap.c +++ imap/imap.c @@ -530,6 +530,22 @@ int imap_open_connection (IMAP_DATA* idata) } else if (ascii_strncasecmp ("* PREAUTH", idata->buf, 9) == 0) { +#if defined(USE_SSL) + /* An unencrypted PREAUTH response is most likely a MITM attack. + * Require a confirmation. */ + if (!idata->conn->ssf) + { + if (option(OPTSSLFORCETLS) || + (query_quadoption (OPT_SSLSTARTTLS, + _("Abort unencrypted PREAUTH connection?")) != MUTT_NO)) + { + mutt_error _("Encrypted connection unavailable"); + mutt_sleep (1); + goto err_close_conn; + } + } +#endif + idata->state = IMAP_AUTHENTICATED; if (imap_check_capabilities (idata) != 0) goto bail; -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor