*** This bug is a security vulnerability *** Public security bug reported:
Recently, we are trying to find SSL security problems by static analysis. For example, as we all know, Hostname verification is an important step when verifying X509 certificates, however, people tend to miss the step or to misunderstand the APIs when using SSL/TLS, which might cause severe man in the middle attack and break the entire TLS mechanism. And static analysis is a way of finding whether the APIs are called correctly. Now, we find some SSL problems in dma, the following is details: ----------------------------------------------------------------------------- file : dma/dma-0.0.2010.06.17/crypto.c ----------------------------------------------------------------------------- function : smtp_init_crypto ----------------------------------------------------------------------------- SSL method : \ ----------------------------------------------------------------------------- call SSL_CTX_set_verify() : NOT FOUND ----------------------------------------------------------------------------- Have SSL_CTX_set_verify ( SSL_set_verify) callback : NO ----------------------------------------------------------------------------- call SSL_get_peer_certificate(): YES (but NO X509 suite API for custom verification) ----------------------------------------------------------------------------- call SSL_get_verify_result(): NO ----------------------------------------------------------------------------- According to the above result, we think the SSL connection in dma is not secure. For instance, missing hostname or expired time check when verifying x509 certificate. More specifically , we can take function SSL_CTX_set_verify() for example, when using OPENSSL, if we call SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, null), we should verify the certificate by calling the function SSL_get_peer_certificate() to get the certificate at first. Then use X509 APIs or self-define function to verify the certificate we get. If the source code does not match this model, then we can deduce this code is vulnerable. And other APIs have similar problems. To verify the result we make, we attack the software manually. At first, we should configure the software environment: 1. configure the file /etc/dma/dma.conf: # $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $ # # Your smarthost (also called relayhost). Leave blank if you don't want # smarthost support. # NOTE: on Debian systems this is handled via debconf! # Please use dpkg-reconfigure dma to change this value. #SMARTHOST SMARTHOST smtp.gmail.com # Use this SMTP port. Most users will be fine with the default (25) #PORT 25 PORT 587 # Path to your alias file. Just stay with the default. #ALIASES /etc/aliases # Path to your spooldir. Just stay with the default. #SPOOLDIR /var/spool/dma # SMTP authentication AUTHPATH /etc/dma/auth.conf # Uncomment if yout want TLS/SSL support SECURETRANSFER # Uncomment if you want STARTTLS support (only used in combination with # SECURETRANSFER) STARTTLS # Uncomment if you have specified STARTTLS above and it should be allowed # to fail ("opportunistic TLS", use an encrypted connection when available # but allow an unencrypted one to servers that do not support it) #OPPORTUNISTIC_TLS # Path to your local SSL certificate #CERTFILE # If you want to use plain text SMTP login without using encryption, change # the SECURE entry below to INSECURE. Otherwise plain login will only work # over a secure connection. Use this option with caution. INSECURE # Uncomment if you want to defer your mails. This is useful if you are # behind a dialup line. You have to submit your mails manually with dma -q #DEFER # Uncomment if you want the bounce message to include the complete original # message, not just the headers. #FULLBOUNCE # The internet hostname dma uses to identify the host. # If not set or empty, the result of gethostname(2) is used. # If MAILNAME is an absolute path to a file, the first line of this file # will be used as the hostname. # NOTE: on Debian systems this is handled via debconf! # Please use dpkg-reconfigure dma to change this value. MAILNAME /etc/mailname # Masquerade envelope from addresses with this address/hostname. # Use this if mails are not accepted by destination mail servers because # your sender domain is invalid. # By default, MASQUERADE is not set. # Format: MASQUERADE [user@][host] # Examples: # MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet # MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator # MASQUERADE herb@ert will send all mails as herb@ert 2. configure the file /etc/dma/auth.conf: # $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $ # # SMTP authentication entries (currently AUTH LOGIN only) # Format: user|my.smarthost.example.com:password 598105...@qq.com|smtp.gmail.com:Password 3. configure ~/.muttrc: set sendmail="/usr/sbin/dma -f 598105...@qq.com" set folder="~/Mail" set mbox="~/Mail/inbox" #set mbox_type=maildir set spoolfile="~/Mail/inbox" set postponed="~/Mail/postponed" set record="~/Mail/sent" my_hdr From: 598105...@qq.com Ok ,let's start! 一.Hostname verification 1. change /etc/hosts in order to simulate the DNS hijack 182.254.3.179 smtp.gmail.com (182.254.3.179 is a normal smtp server) 2. use mutt to send the mail ( mutt use dma as a MTA) 3. result : receivethe mail ! The fetch succeeded, indicating the software didn't check the hostname against the signee of the certificate. 二. Also for expired time check, 1. change the system time to 2200 to guarantee the certificate to be expired. 2. run mutt to send email 3. result:succeed!! The fetch succeeded again and no warning was given, indicating the software didn't check whether the certificate expired or not. PS: I have saved the SSL connection Wireshark packages, and upload these files. for more information, you can see the paper: http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf and more details you can contact with us, we will be very glad for your responce. Thanks. ** Affects: dma (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** Description changed: Recently, we are trying to find SSL security problems by static analysis. For example, as we all know, Hostname verification is an important step when verifying X509 certificates, however, people tend to miss the step or to misunderstand the APIs when using SSL/TLS, which might cause severe man in the middle attack and break the entire TLS mechanism. And static analysis is a way of finding whether the APIs are called correctly. Now, we find some SSL problems in dma, the following is details: ----------------------------------------------------------------------------- file : dma/dma-0.0.2010.06.17/crypto.c ----------------------------------------------------------------------------- function : smtp_init_crypto ----------------------------------------------------------------------------- SSL method : \ ----------------------------------------------------------------------------- call SSL_CTX_set_verify() : NOT FOUND ----------------------------------------------------------------------------- Have SSL_CTX_set_verify ( SSL_set_verify) callback : NO ----------------------------------------------------------------------------- call SSL_get_peer_certificate(): YES (but NO X509 suite API for custom verification) ----------------------------------------------------------------------------- call SSL_get_verify_result(): NO ----------------------------------------------------------------------------- - According to the above result, we think the SSL connection in epic5 is - not secure. For instance, missing hostname or expired time check when + According to the above result, we think the SSL connection in dmais not + secure. For instance, missing hostname or expired time check when verifying x509 certificate. More specifically , we can take function SSL_CTX_set_verify() for example, when using OPENSSL, if we call SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, null), we should verify the certificate by calling the function SSL_get_peer_certificate() to get the certificate at first. Then use X509 APIs or self-define function to verify the certificate we get. If the source code does not match this model, then we can deduce this code is vulnerable. And other APIs have similar problems. To verify the result we make, we attack the software manually. - At first, we should configure the software environment: + At first, we should configure the software environment: 1. configure the file /etc/dma/dma.conf: # $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $ # # Your smarthost (also called relayhost). Leave blank if you don't want # smarthost support. # NOTE: on Debian systems this is handled via debconf! # Please use dpkg-reconfigure dma to change this value. #SMARTHOST SMARTHOST smtp.gmail.com # Use this SMTP port. Most users will be fine with the default (25) #PORT 25 PORT 587 # Path to your alias file. Just stay with the default. #ALIASES /etc/aliases # Path to your spooldir. Just stay with the default. #SPOOLDIR /var/spool/dma # SMTP authentication AUTHPATH /etc/dma/auth.conf # Uncomment if yout want TLS/SSL support SECURETRANSFER # Uncomment if you want STARTTLS support (only used in combination with # SECURETRANSFER) STARTTLS # Uncomment if you have specified STARTTLS above and it should be allowed # to fail ("opportunistic TLS", use an encrypted connection when available # but allow an unencrypted one to servers that do not support it) #OPPORTUNISTIC_TLS # Path to your local SSL certificate #CERTFILE # If you want to use plain text SMTP login without using encryption, change # the SECURE entry below to INSECURE. Otherwise plain login will only work # over a secure connection. Use this option with caution. INSECURE # Uncomment if you want to defer your mails. This is useful if you are # behind a dialup line. You have to submit your mails manually with dma -q #DEFER # Uncomment if you want the bounce message to include the complete original # message, not just the headers. #FULLBOUNCE # The internet hostname dma uses to identify the host. # If not set or empty, the result of gethostname(2) is used. # If MAILNAME is an absolute path to a file, the first line of this file # will be used as the hostname. # NOTE: on Debian systems this is handled via debconf! # Please use dpkg-reconfigure dma to change this value. MAILNAME /etc/mailname # Masquerade envelope from addresses with this address/hostname. # Use this if mails are not accepted by destination mail servers because # your sender domain is invalid. # By default, MASQUERADE is not set. # Format: MASQUERADE [user@][host] # Examples: # MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet # MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator # MASQUERADE herb@ert will send all mails as herb@ert 2. configure the file /etc/dma/auth.conf: # $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $ # # SMTP authentication entries (currently AUTH LOGIN only) # Format: user|my.smarthost.example.com:password 598105...@qq.com|smtp.gmail.com:Password 3. configure ~/.muttrc: set sendmail="/usr/sbin/dma -f 598105...@qq.com" set folder="~/Mail" set mbox="~/Mail/inbox" #set mbox_type=maildir set spoolfile="~/Mail/inbox" set postponed="~/Mail/postponed" set record="~/Mail/sent" - my_hdr From: 598105...@qq.com + my_hdr From: 598105...@qq.com Ok ,let's start! 一.Hostname verification 1. change /etc/hosts in order to simulate the DNS hijack - 182.254.3.179 smtp.gmail.com - (182.254.3.179 is a normal smtp server) + 182.254.3.179 smtp.gmail.com + (182.254.3.179 is a normal smtp server) 2. use mutt to send the mail ( mutt use dma as a MTA) 3. result : receivethe mail ! The fetch succeeded, indicating the software didn't check the hostname against the signee of the certificate. 二. Also for expired time check, 1. change the system time to 2200 to guarantee the certificate to be expired. 2. run mutt to send email 3. result:succeed!! The fetch succeeded again and no warning was given, indicating the software didn't check whether the certificate expired or not. PS: I have saved the SSL connection Wireshark packages, and upload these files. for more information, you can see the paper: http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf and more details you can contact with us, we will be very glad for your responce. Thanks. ** Description changed: Recently, we are trying to find SSL security problems by static analysis. For example, as we all know, Hostname verification is an important step when verifying X509 certificates, however, people tend to miss the step or to misunderstand the APIs when using SSL/TLS, which might cause severe man in the middle attack and break the entire TLS mechanism. And static analysis is a way of finding whether the APIs are called correctly. Now, we find some SSL problems in dma, the following is details: ----------------------------------------------------------------------------- file : dma/dma-0.0.2010.06.17/crypto.c ----------------------------------------------------------------------------- function : smtp_init_crypto ----------------------------------------------------------------------------- SSL method : \ ----------------------------------------------------------------------------- call SSL_CTX_set_verify() : NOT FOUND ----------------------------------------------------------------------------- Have SSL_CTX_set_verify ( SSL_set_verify) callback : NO ----------------------------------------------------------------------------- call SSL_get_peer_certificate(): YES (but NO X509 suite API for custom verification) ----------------------------------------------------------------------------- call SSL_get_verify_result(): NO ----------------------------------------------------------------------------- - According to the above result, we think the SSL connection in dmais not + According to the above result, we think the SSL connection in dma is not secure. For instance, missing hostname or expired time check when verifying x509 certificate. More specifically , we can take function SSL_CTX_set_verify() for example, when using OPENSSL, if we call SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, null), we should verify the certificate by calling the function SSL_get_peer_certificate() to get the certificate at first. Then use X509 APIs or self-define function to verify the certificate we get. If the source code does not match this model, then we can deduce this code is vulnerable. And other APIs have similar problems. To verify the result we make, we attack the software manually. At first, we should configure the software environment: 1. configure the file /etc/dma/dma.conf: # $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $ # # Your smarthost (also called relayhost). Leave blank if you don't want # smarthost support. # NOTE: on Debian systems this is handled via debconf! # Please use dpkg-reconfigure dma to change this value. #SMARTHOST SMARTHOST smtp.gmail.com # Use this SMTP port. Most users will be fine with the default (25) #PORT 25 PORT 587 # Path to your alias file. Just stay with the default. #ALIASES /etc/aliases # Path to your spooldir. Just stay with the default. #SPOOLDIR /var/spool/dma # SMTP authentication AUTHPATH /etc/dma/auth.conf # Uncomment if yout want TLS/SSL support SECURETRANSFER # Uncomment if you want STARTTLS support (only used in combination with # SECURETRANSFER) STARTTLS # Uncomment if you have specified STARTTLS above and it should be allowed # to fail ("opportunistic TLS", use an encrypted connection when available # but allow an unencrypted one to servers that do not support it) #OPPORTUNISTIC_TLS # Path to your local SSL certificate #CERTFILE # If you want to use plain text SMTP login without using encryption, change # the SECURE entry below to INSECURE. Otherwise plain login will only work # over a secure connection. Use this option with caution. INSECURE # Uncomment if you want to defer your mails. This is useful if you are # behind a dialup line. You have to submit your mails manually with dma -q #DEFER # Uncomment if you want the bounce message to include the complete original # message, not just the headers. #FULLBOUNCE # The internet hostname dma uses to identify the host. # If not set or empty, the result of gethostname(2) is used. # If MAILNAME is an absolute path to a file, the first line of this file # will be used as the hostname. # NOTE: on Debian systems this is handled via debconf! # Please use dpkg-reconfigure dma to change this value. MAILNAME /etc/mailname # Masquerade envelope from addresses with this address/hostname. # Use this if mails are not accepted by destination mail servers because # your sender domain is invalid. # By default, MASQUERADE is not set. # Format: MASQUERADE [user@][host] # Examples: # MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet # MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator # MASQUERADE herb@ert will send all mails as herb@ert 2. configure the file /etc/dma/auth.conf: # $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $ # # SMTP authentication entries (currently AUTH LOGIN only) # Format: user|my.smarthost.example.com:password 598105...@qq.com|smtp.gmail.com:Password 3. configure ~/.muttrc: set sendmail="/usr/sbin/dma -f 598105...@qq.com" set folder="~/Mail" set mbox="~/Mail/inbox" #set mbox_type=maildir set spoolfile="~/Mail/inbox" set postponed="~/Mail/postponed" set record="~/Mail/sent" my_hdr From: 598105...@qq.com Ok ,let's start! 一.Hostname verification 1. change /etc/hosts in order to simulate the DNS hijack 182.254.3.179 smtp.gmail.com (182.254.3.179 is a normal smtp server) 2. use mutt to send the mail ( mutt use dma as a MTA) 3. result : receivethe mail ! The fetch succeeded, indicating the software didn't check the hostname against the signee of the certificate. 二. Also for expired time check, 1. change the system time to 2200 to guarantee the certificate to be expired. 2. run mutt to send email 3. result:succeed!! The fetch succeeded again and no warning was given, indicating the software didn't check whether the certificate expired or not. PS: I have saved the SSL connection Wireshark packages, and upload these files. for more information, you can see the paper: http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf and more details you can contact with us, we will be very glad for your responce. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1380458 Title: dma have some SSL security problems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dma/+bug/1380458/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs