Bug 505146 (CVE-2014-2567) - <mail-client/trojita-0.4.1 : ssl stripping (CVE-2014-2567)
Summary: <mail-client/trojita-0.4.1 : ssl stripping (CVE-2014-2567)
Status: RESOLVED FIXED
Alias: CVE-2014-2567
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~4 [noglsa]
Reported: 2014-03-20 08:30 UTC by Agostino Sarubbo
Modified: 2014-04-10 21:23 UTC
Description Agostino Sarubbo gentoo-dev 2014-03-20 08:30:52 UTC
From ${URL} :

Summary
-------

An SSL stripping vulnerability was discovered in Trojitá [1], a fast Qt 
IMAP e-mail client. *User's credentials are never leaked*, but if a user 
tries to send an e-mail, the automatic saving into the "sent" or "draft" 
folders could happen over a plaintext connection even if the user's 
preferences specify STARTTLS as a requirement.

Background
----------

The IMAP protocol defines the STARTTLS command which is used to 
transparently upgrade a plaintext connection to an encrypted one using 
SSL/TLS. The STARTTLS command can only be issued in an unauthenticated 
state as per IMAP's state machine.

RFC 3501 also allows for a possibility of the connection jumping 
immediately into an authenticated state via the PREAUTH initial response. 
However, as the STARTTLS command cannot be issued once in the authenticated 
state, an attacker able to intercept and modify the network communication 
might trick the client into a state where the connection cannot be 
encrypted anymore.

Affected versions
-----------------

All versions of Trojitá up to 0.4 are vulnerable.

The fix will be included in version 0.4.1 (to be released after the CVE 
gets assigned).

Remedies
--------

Configurations which use SSL/TLS from the very beginning (e.g. the 
connections using port 993) are secure and not vulnerable.

Possible impact
---------------

The user's credentials will *never* be transmitted over a plaintext 
connection even in the presence of this attack.

Because Trojitá proceeded to use the connection without STARTTLS in the 
face of PREAUTH, certain data might be leaked to the attacker. The only example 
which we were able to identify is the full content of a message which the 
user attempts to save to their "Sent" folder while trying to send a mail.

We don't believe that any other data could be leaked. Again, the user's 
credentials will *not* be leaked as they are never transmitted under this 
scenario.

Acknowledgement
---------------

Thanks to Arnt Gulbrandsen on the imap-protocol ML for asking what happens 
when we're configured to request STARTTLS and a PREAUTH is received, and to 
Michael M Slusarz for starting that discussion.

[1] http://trojita.flaska.net/



@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
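The state-machine point in the advisory, worked through as an added example (Python, not Trojitá's code or the upstream fix): a client configured to require STARTTLS has to classify the server greeting before doing anything else, because a PREAUTH greeting starts the session in the authenticated state where STARTTLS is no longer allowed. The `fixed=False` branch and the simulated command list are my model of the behaviour the advisory describes, not an extract from the real implementation.

```python
"""Greeting check for an IMAP client that requires STARTTLS (CVE-2014-2567 model)."""
import re
from enum import Enum


class Action(Enum):
    SEND_STARTTLS = "send STARTTLS, then verify the upgraded channel"
    PROCEED = "continue in the current state"
    ABORT = "close the connection and report an error to the user"


# RFC 3501 greeting: an untagged "* OK", "* PREAUTH" or "* BYE" status response,
# optionally carrying a response code such as [CAPABILITY ...].
_GREETING = re.compile(r"^\* (OK|PREAUTH|BYE)(?: \[[^\]]*\])?(?: .*)?\r?\n?$")


def parse_greeting(line: str) -> str:
    """Return the greeting status word, rejecting anything that is not a greeting."""
    m = _GREETING.match(line)
    if not m:
        raise ValueError(f"not an IMAP greeting: {line!r}")
    return m.group(1)


def decide_after_greeting(line, require_starttls, tls_established=False, fixed=True):
    """Pick the client's next step. fixed=False models Trojita <= 0.4 as described
    in the advisory: it kept using the plaintext connection after PREAUTH."""
    status = parse_greeting(line)
    if status == "BYE":
        return Action.ABORT
    if tls_established or not require_starttls:
        return Action.PROCEED  # e.g. port 993, or the user did not ask for STARTTLS
    if status == "OK":
        return Action.SEND_STARTTLS  # still in the not-authenticated state
    # PREAUTH: already authenticated, so STARTTLS can never be issued now.
    return Action.ABORT if fixed else Action.PROCEED


def commands_sent_in_clear(greeting, require_starttls, fixed=True):
    """Constructed walk-through of a 'send mail' workflow: list the commands that
    would leave the client before any encryption is in place."""
    action = decide_after_greeting(greeting, require_starttls, fixed=fixed)
    if action is Action.ABORT:
        return []
    if action is Action.SEND_STARTTLS:
        return ["a001 STARTTLS"]  # everything after this is inside TLS
    # PROCEED on a plaintext PREAUTH session: no LOGIN is ever sent (the server
    # claims we are authenticated), which is why credentials never leak, but the
    # APPEND that copies the outgoing message into "Sent" goes out in cleartext.
    return ["a001 APPEND Sent (\\Seen) {<message size>}"]
```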
Comment 1 Jan Kundrát (RETIRED) gentoo-dev 2014-03-20 20:17:26 UTC
This is now CVE-2014-2567.

Upstream release 0.4.1 (on sourceforge, sha1sum 3db0c6736db9834630dc8bcded00707cfef60a20) fixes the problem. Please fix this by a version bump.
Comment 2 Agostino Sarubbo gentoo-dev 2014-03-21 16:34:52 UTC
+*trojita-0.4.1 (21 Mar 2014)
+
+  21 Mar 2014; Agostino Sarubbo <ago@gentoo.org> +trojita-0.4.1.ebuild:
+  Version bump to 0.4.1 to fix CVE-2014-2567, wrt bug #505146
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-04-10 21:13:59 UTC
CVE-2014-2567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2567):
  The OpenConnectionTask::handleStateHelper function in
  Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows
  man-in-the-middle attackers to trigger use of cleartext for saving a message
  into a (1) sent or (2) draft folder via a PREAUTH response that prevents
  later use of the STARTTLS command.
Comment 4 Johannes Huber (RETIRED) gentoo-dev 2014-04-10 21:22:54 UTC
Thanks all. Removing kde + qt from cc. Nothing to do here anymore.