On Thu, Nov 07, 2013 at 11:31:16PM -0500, Daniel Kahn Gillmor wrote: > Package: perdition > Version: 1.19~rc4-2 > Control: found -1 1.19~rc5-1 > Control: found -1 2.0-1 > Tags: patch security upstream > Forwarded: perdition-us...@vergenet.net > > Perdition(8) says: > > --ssl_outgoing_ciphers STRING: > > Cipher list when making outgoing SSL or TLS connections as > per ciphers(1). If empty ("") then openssl's default will > be used. (default "") > > However, this is only the case for outgoing connections that do not use > STARTTLS (the perdition terminology is confusing here, since what it > calls "TLS" actually means "start as cleartext, negotiate to encrypted > via STARTTLS" and what it calls "SSL" actually means "start SSL or TLS > session, run service inside that"). > > Here's the fix: > > diff -r 046a7b19cd5b perdition/perdition.c > --- a/perdition/perdition.c Thu Nov 07 21:23:31 2013 -0500 > +++ b/perdition/perdition.c Thu Nov 07 21:49:39 2013 -0500 > @@ -985,7 +985,7 @@ > else if((opt.ssl_mode & SSL_MODE_TLS_OUTGOING) && > (status & PROTOCOL_S_STARTTLS)) { > server_io=perdition_ssl_client_connection(server_io, opt.ssl_ca_file, > - opt.ssl_ca_path, opt.ssl_listen_ciphers, servername); > + opt.ssl_ca_path, opt.ssl_outgoing_ciphers, servername); > if(!server_io) { > VANESSA_LOGGER_DEBUG("perdition_ssl_connection outgoing"); > VANESSA_LOGGER_ERR("Fatal error establishing SSL connection"); > > > This is a security concern because it means that perdition is not > obeying the specifications of the administrator, and may accept weaker > ciphersuites than instructed on its backhaul connections. > > Consider the case where an administrator wants to offer relatively > promiscuous IMAP connections to their end users -- if the user's MUA > only has some weak cipher suite or cleartext IMAP, we want to accept the > weak ciphersuite as better than nothing. However, the admin's backend > IMAP servers are all under her control, and she knows that they are > capable of stronger ciphersuites. in this case, ssl_listen_ciphers will > allow weak ciphers, and ssl_outgoing_ciphers will be strict and require > high security, to at least protect the link between perdition and the > backend IMAP server. > > However, if this outgoing connection happens to use IMAP+STARTTLS > instead of IMAPS, the bug described here will offer weak ciphersuites to > the backend IMAP server. > > All versions of perdition in debian currently have this flaw. I've > reported it to the upstream mailing list, but for whatever reason the > message hasn't cleared that mailing list yet.
Hi Daniel, thanks for bringing this to my attention and sorry for not noticing the mailing list post: I'm not suer what happened there. I think that the best thing to do is both: * Update the Debian packages with this fix and; * Release a fresh upstream version of perdition with this fix.
signature.asc
Description: Digital signature