On Thu, Nov 07, 2013 at 11:31:16PM -0500, Daniel Kahn Gillmor wrote:
> Package: perdition
> Version: 1.19~rc4-2
> Control: found -1 1.19~rc5-1
> Control: found -1 2.0-1
> Tags: patch security upstream
> Forwarded: perdition-us...@vergenet.net
>
> Perdition(8) says:
>
> --ssl_outgoing_ciphers STRING:
>
> Cipher list when making outgoing SSL or TLS connections as
> per ciphers(1). If empty ("") then openssl's default will
> be used. (default "")
>
> However, this is only the case for outgoing connections that do not use
> STARTTLS (the perdition terminology is confusing here, since what it
> calls "TLS" actually means "start as cleartext, negotiate to encrypted
> via STARTTLS" and what it calls "SSL" actually means "start SSL or TLS
> session, run service inside that").
>
> Here's the fix:
>
> diff -r 046a7b19cd5b perdition/perdition.c
> --- a/perdition/perdition.c Thu Nov 07 21:23:31 2013 -0500
> +++ b/perdition/perdition.c Thu Nov 07 21:49:39 2013 -0500
> @@ -985,7 +985,7 @@
> else if((opt.ssl_mode & SSL_MODE_TLS_OUTGOING) &&
> (status & PROTOCOL_S_STARTTLS)) {
> server_io=perdition_ssl_client_connection(server_io, opt.ssl_ca_file,
> - opt.ssl_ca_path, opt.ssl_listen_ciphers, servername);
> + opt.ssl_ca_path, opt.ssl_outgoing_ciphers, servername);
> if(!server_io) {
> VANESSA_LOGGER_DEBUG("perdition_ssl_connection outgoing");
> VANESSA_LOGGER_ERR("Fatal error establishing SSL connection");
>
>
> This is a security concern because it means that perdition is not
> obeying the specifications of the administrator, and may accept weaker
> ciphersuites than instructed on its backhaul connections.
>
> Consider the case where an administrator wants to offer relatively
> promiscuous IMAP connections to their end users -- if the user's MUA
> only has some weak cipher suite or cleartext IMAP, we want to accept the
> weak ciphersuite as better than nothing. However, the admin's backend
> IMAP servers are all under her control, and she knows that they are
> capable of stronger ciphersuites. in this case, ssl_listen_ciphers will
> allow weak ciphers, and ssl_outgoing_ciphers will be strict and require
> high security, to at least protect the link between perdition and the
> backend IMAP server.
>
> However, if this outgoing connection happens to use IMAP+STARTTLS
> instead of IMAPS, the bug described here will offer weak ciphersuites to
> the backend IMAP server.
>
> All versions of perdition in debian currently have this flaw. I've
> reported it to the upstream mailing list, but for whatever reason the
> message hasn't cleared that mailing list yet.Hi Daniel, thanks for bringing this to my attention and sorry for not noticing the mailing list post: I'm not suer what happened there. I think that the best thing to do is both: * Update the Debian packages with this fix and; * Release a fresh upstream version of perdition with this fix.
signature.asc
Description: Digital signature
