fix CVE-2020-14093
parent
f3b6c8b257
commit
755a16adf9
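--- /dev/null
+++ b/CVE-2020-14093.patch
@@ -0,0 +1,53 @@
+From 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Sun, 14 Jun 2020 11:30:00 -0700
+Subject: [PATCH] Prevent possible IMAP MITM via PREAUTH response.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is similar to CVE-2014-2567 and CVE-2020-12398. STARTTLS is not
+allowed in the Authenticated state, so previously Mutt would
+implicitly mark the connection as authenticated and skip any
+encryption checking/enabling.
+
+No credentials are exposed, but it does allow messages to be sent to
+an attacker, via postpone or fcc'ing for instance.
+
+Reuse the $ssl_starttls quadoption "in reverse" to prompt to abort the
+connection if it is unencrypted.
+
+Thanks very much to Damian Poddebniak and Fabian Ising from the
+Münster University of Applied Sciences for reporting this issue, and
+their help in testing the fix.
+---
+imap/imap.c | 16 ++++++++++++++++
+1 file changed, 16 insertions(+)
+
+diff --git a/imap/imap.c b/imap/imap.c
+index 63362176..3ca10df4 100644
+--- a/imap/imap.c
++++ b/imap/imap.c
+@@ -493,6 +493,22 @@ int imap_open_connection (IMAP_DATA* idata)
+}
+else if (ascii_strncasecmp ("* PREAUTH", idata->buf, 9) == 0)
+{
++#if defined(USE_SSL)
++ /* An unencrypted PREAUTH response is most likely a MITM attack.
++ * Require a confirmation. */
++ if (!idata->conn->ssf)
++ {
++ if (option(OPTSSLFORCETLS) ||
++ (query_quadoption (OPT_SSLSTARTTLS,
++ _("Abort unencrypted PREAUTH connection?")) != MUTT_NO))
++ {
++ mutt_error _("Encrypted connection unavailable");
++ mutt_sleep (1);
++ goto err_close_conn;
++ }
++ }
++#endif
++
+idata->state = IMAP_AUTHENTICATED;
+if (imap_check_capabilities (idata) != 0)
+goto bail;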
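Review bot: The comment added in the `* PREAUTH` branch says "Require a confirmation", but the condition below it does not always ask: `option(OPTSSLFORCETLS)` aborts with no prompt, and because `$ssl_starttls` is read in reverse, a fixed `no` presumably makes `query_quadoption` return `MUTT_NO` without prompting, so an unencrypted PREAUTH session is accepted silently. I would reword the comment to state that contract, e.g. `/* Unencrypted PREAUTH is most likely a MITM. $ssl_force_tls aborts outright; otherwise $ssl_starttls is read in reverse and only "no" (or answering no) continues in cleartext. */`. The `!idata->conn->ssf` test also looks as if it would fire for connections made through `$tunnel`, where a PREAUTH greeting is the expected case; how `ssf` is set for tunnels is not visible here, so confirm that before shipping this to users who set `$ssl_force_tls`. `imap_open_connection` starts and ends outside the hunk, including the `err_close_conn` label.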
@ -1,6 +1,6 @@
|
|||||||
Name: mutt
|
Name: mutt
|
||||||
Version: 1.10.1
|
Version: 1.10.1
|
||||||
Release: 4
|
Release: 5
|
||||||
Epoch: 5
|
Epoch: 5
|
||||||
Summary: Text-based mail client
|
Summary: Text-based mail client
|
||||||
License: GPLv2+ and Public Domain
|
License: GPLv2+ and Public Domain
|
||||||
@ -17,6 +17,7 @@ Patch8: mutt-1.5.23-system_certs.patch
|
|||||||
Patch9: mutt-1.9.0-ssl_ciphers.patch
|
Patch9: mutt-1.9.0-ssl_ciphers.patch
|
||||||
Patch13: CVE-2020-28896.patch
|
Patch13: CVE-2020-28896.patch
|
||||||
Patch14: CVE-2021-3181.patch
|
Patch14: CVE-2021-3181.patch
|
||||||
|
Patch15: CVE-2020-14093.patch
|
||||||
|
|
||||||
BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc
|
BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc
|
||||||
BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators
|
BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators
|
||||||
@ -121,6 +122,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
|
|||||||
%{_mandir}/man5/muttrc.*
|
%{_mandir}/man5/muttrc.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jul 23 2021 yaoxin<yaoxin30@huawei.com> - 1.10.1-5
|
||||||
|
- fix CVE-2020-14093
|
||||||
|
|
||||||
* Sat Feb 20 2021 zhanghua<zhanghua40@huawei.com> - 1.10.1-4
|
* Sat Feb 20 2021 zhanghua<zhanghua40@huawei.com> - 1.10.1-4
|
||||||
- fix CVE-2021-3181
|
- fix CVE-2021-3181
|
||||||
|
|
||||||
|
|||||||