fix CVE-2020-14093
This commit is contained in:
starlet_dx
parent
f3b6c8b257
commit
755a16adf9
53
CVE-2020-14093.patch
Normal file
53
CVE-2020-14093.patch
Normal file
@ -0,0 +1,53 @@
|
||||
From 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin McCarthy <kevin@8t8.us>
|
||||
Date: Sun, 14 Jun 2020 11:30:00 -0700
|
||||
Subject: [PATCH] Prevent possible IMAP MITM via PREAUTH response.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This is similar to CVE-2014-2567 and CVE-2020-12398. STARTTLS is not
|
||||
allowed in the Authenticated state, so previously Mutt would
|
||||
implicitly mark the connection as authenticated and skip any
|
||||
encryption checking/enabling.
|
||||
|
||||
No credentials are exposed, but it does allow messages to be sent to
|
||||
an attacker, via postpone or fcc'ing for instance.
|
||||
|
||||
Reuse the $ssl_starttls quadoption "in reverse" to prompt to abort the
|
||||
connection if it is unencrypted.
|
||||
|
||||
Thanks very much to Damian Poddebniak and Fabian Ising from the
|
||||
Münster University of Applied Sciences for reporting this issue, and
|
||||
their help in testing the fix.
|
||||
---
|
||||
imap/imap.c | 16 ++++++++++++++++
|
||||
1 file changed, 16 insertions(+)
|
||||
|
||||
diff --git a/imap/imap.c b/imap/imap.c
|
||||
index 63362176..3ca10df4 100644
|
||||
--- a/imap/imap.c
|
||||
+++ b/imap/imap.c
|
||||
@@ -493,6 +493,22 @@ int imap_open_connection (IMAP_DATA* idata)
|
||||
}
|
||||
else if (ascii_strncasecmp ("* PREAUTH", idata->buf, 9) == 0)
|
||||
{
|
||||
+#if defined(USE_SSL)
|
||||
+ /* An unencrypted PREAUTH response is most likely a MITM attack.
|
||||
+ * Require a confirmation. */
|
||||
+ if (!idata->conn->ssf)
|
||||
+ {
|
||||
+ if (option(OPTSSLFORCETLS) ||
|
||||
+ (query_quadoption (OPT_SSLSTARTTLS,
|
||||
+ _("Abort unencrypted PREAUTH connection?")) != MUTT_NO))
|
||||
+ {
|
||||
+ mutt_error _("Encrypted connection unavailable");
|
||||
+ mutt_sleep (1);
|
||||
+ goto err_close_conn;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
idata->state = IMAP_AUTHENTICATED;
|
||||
if (imap_check_capabilities (idata) != 0)
|
||||
goto bail;
|
||||
@ -1,6 +1,6 @@
|
||||
Name: mutt
|
||||
Version: 1.10.1
|
||||
Release: 4
|
||||
Release: 5
|
||||
Epoch: 5
|
||||
Summary: Text-based mail client
|
||||
License: GPLv2+ and Public Domain
|
||||
@ -17,6 +17,7 @@ Patch8: mutt-1.5.23-system_certs.patch
|
||||
Patch9: mutt-1.9.0-ssl_ciphers.patch
|
||||
Patch13: CVE-2020-28896.patch
|
||||
Patch14: CVE-2021-3181.patch
|
||||
Patch15: CVE-2020-14093.patch
|
||||
|
||||
BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc
|
||||
BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators
|
||||
@ -121,6 +122,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
|
||||
%{_mandir}/man5/muttrc.*
|
||||
|
||||
%changelog
|
||||
* Fri Jul 23 2021 yaoxin<yaoxin30@huawei.com> - 1.10.1-5
|
||||
- fix CVE-2020-14093
|
||||
|
||||
* Sat Feb 20 2021 zhanghua<zhanghua40@huawei.com> - 1.10.1-4
|
||||
- fix CVE-2021-3181
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user