*** This bug is a security vulnerability ***

Public security bug reported:

Recently, we are trying to find SSL security problems by static
analysis. For example, as we all know, Hostname verification is an
important step when verifying X509 certificates, however, people tend to
miss the step or to misunderstand the APIs when using SSL/TLS, which
might cause severe man in the middle attack and break the entire TLS
mechanism. And static analysis is a way of finding whether the APIs are
called correctly.

Now, we find some SSL problems in dma, the following is details:

-----------------------------------------------------------------------------
file : dma/dma-0.0.2010.06.17/crypto.c
-----------------------------------------------------------------------------
function : smtp_init_crypto
-----------------------------------------------------------------------------
SSL method : \
-----------------------------------------------------------------------------
call SSL_CTX_set_verify() : NOT FOUND
-----------------------------------------------------------------------------
Have SSL_CTX_set_verify ( SSL_set_verify) callback : NO
-----------------------------------------------------------------------------
call SSL_get_peer_certificate(): YES (but NO X509 suite API for custom 
verification)
-----------------------------------------------------------------------------
call SSL_get_verify_result(): NO
-----------------------------------------------------------------------------

According to the above result, we think the SSL connection in dma is not
secure. For instance, missing hostname  or expired time check when
verifying x509  certificate.

More specifically , we can take function SSL_CTX_set_verify() for
example, when using OPENSSL, if we call SSL_CTX_set_verify(ssl_ctx,
SSL_VERIFY_NONE, null), we should verify the certificate by calling the
function SSL_get_peer_certificate() to get the certificate at first.
Then use X509 APIs or self-define function to verify the certificate we
get. If the source code does not match this model, then we can deduce
this code is vulnerable. And other APIs have similar problems.

To verify the result we make, we attack the software manually.

At first, we should configure the software environment:
1. configure the file /etc/dma/dma.conf:
# $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
#
# Your smarthost (also called relayhost).  Leave blank if you don't want
# smarthost support.
# NOTE: on Debian systems this is handled via debconf!
# Please use dpkg-reconfigure dma to change this value.
#SMARTHOST
SMARTHOST smtp.gmail.com

# Use this SMTP port.  Most users will be fine with the default (25)
#PORT 25
PORT 587

# Path to your alias file.  Just stay with the default.
#ALIASES /etc/aliases

# Path to your spooldir.  Just stay with the default.
#SPOOLDIR /var/spool/dma

# SMTP authentication
AUTHPATH /etc/dma/auth.conf

# Uncomment if yout want TLS/SSL support
SECURETRANSFER

# Uncomment if you want STARTTLS support (only used in combination with
# SECURETRANSFER)
STARTTLS

# Uncomment if you have specified STARTTLS above and it should be allowed
# to fail ("opportunistic TLS", use an encrypted connection when available
# but allow an unencrypted one to servers that do not support it)
#OPPORTUNISTIC_TLS

# Path to your local SSL certificate
#CERTFILE

# If you want to use plain text SMTP login without using encryption, change
# the SECURE entry below to INSECURE.  Otherwise plain login will only work
# over a secure connection.  Use this option with caution.
INSECURE

# Uncomment if you want to defer your mails.  This is useful if you are
# behind a dialup line.  You have to submit your mails manually with dma -q
#DEFER

# Uncomment if you want the bounce message to include the complete original
# message, not just the headers.
#FULLBOUNCE

# The internet hostname dma uses to identify the host.
# If not set or empty, the result of gethostname(2) is used.
# If MAILNAME is an absolute path to a file, the first line of this file
# will be used as the hostname.
# NOTE: on Debian systems this is handled via debconf!
# Please use dpkg-reconfigure dma to change this value.
MAILNAME /etc/mailname

# Masquerade envelope from addresses with this address/hostname.
# Use this if mails are not accepted by destination mail servers because
# your sender domain is invalid.
# By default, MASQUERADE is not set.
# Format: MASQUERADE [user@][host]
# Examples:
# MASQUERADE john@  on host "hamlet" will send all mails as john@hamlet
# MASQUERADE percolator  will send mails as $username@percolator, e.g. 
fish@percolator
# MASQUERADE herb@ert  will send all mails as herb@ert

2. configure the file /etc/dma/auth.conf:
# $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $
#
# SMTP authentication entries (currently AUTH LOGIN only)
# Format: user|my.smarthost.example.com:password
598105...@qq.com|smtp.gmail.com:Password

3. configure ~/.muttrc:
set sendmail="/usr/sbin/dma -f 598105...@qq.com"
set folder="~/Mail"
set mbox="~/Mail/inbox"
#set mbox_type=maildir
set spoolfile="~/Mail/inbox"
set postponed="~/Mail/postponed"
set record="~/Mail/sent"
my_hdr From: 598105...@qq.com

Ok ,let's start!

一.Hostname verification
1. change /etc/hosts in order to simulate the DNS hijack
     182.254.3.179   smtp.gmail.com
   (182.254.3.179 is a normal smtp server)

2. use mutt  to send the mail ( mutt use dma as a MTA)

3. result : receivethe mail !

The fetch succeeded, indicating the software didn't check the hostname
against the signee of the certificate.

二. Also for expired time check,
1. change the system time to 2200 to guarantee the certificate to be expired.

2. run mutt to send email

3. result:succeed!!

The fetch succeeded again and no warning was given, indicating the
software didn't check whether the certificate expired or not.

PS: I have saved the SSL connection Wireshark packages, and upload these files.
for more information, you can see the paper: 
http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf
and more details you can contact with us, we will be very glad for your 
responce.

Thanks.

** Affects: dma (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

** Description changed:

  Recently, we are trying to find SSL security problems by static
  analysis. For example, as we all know, Hostname verification is an
  important step when verifying X509 certificates, however, people tend to
  miss the step or to misunderstand the APIs when using SSL/TLS, which
  might cause severe man in the middle attack and break the entire TLS
  mechanism. And static analysis is a way of finding whether the APIs are
  called correctly.
  
  Now, we find some SSL problems in dma, the following is details:
  
  -----------------------------------------------------------------------------
  file : dma/dma-0.0.2010.06.17/crypto.c
  -----------------------------------------------------------------------------
  function : smtp_init_crypto
  -----------------------------------------------------------------------------
  SSL method : \
  -----------------------------------------------------------------------------
  call SSL_CTX_set_verify() : NOT FOUND
  -----------------------------------------------------------------------------
  Have SSL_CTX_set_verify ( SSL_set_verify) callback : NO
  -----------------------------------------------------------------------------
  call SSL_get_peer_certificate(): YES (but NO X509 suite API for custom 
verification)
  -----------------------------------------------------------------------------
  call SSL_get_verify_result(): NO
  -----------------------------------------------------------------------------
  
- According to the above result, we think the SSL connection in epic5 is
- not secure. For instance, missing hostname  or expired time check when
+ According to the above result, we think the SSL connection in dmais not
+ secure. For instance, missing hostname  or expired time check when
  verifying x509  certificate.
  
  More specifically , we can take function SSL_CTX_set_verify() for
  example, when using OPENSSL, if we call SSL_CTX_set_verify(ssl_ctx,
  SSL_VERIFY_NONE, null), we should verify the certificate by calling the
  function SSL_get_peer_certificate() to get the certificate at first.
  Then use X509 APIs or self-define function to verify the certificate we
  get. If the source code does not match this model, then we can deduce
  this code is vulnerable. And other APIs have similar problems.
  
  To verify the result we make, we attack the software manually.
  
- At first, we should configure the software environment: 
+ At first, we should configure the software environment:
  1. configure the file /etc/dma/dma.conf:
  # $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
  #
  # Your smarthost (also called relayhost).  Leave blank if you don't want
  # smarthost support.
  # NOTE: on Debian systems this is handled via debconf!
  # Please use dpkg-reconfigure dma to change this value.
  #SMARTHOST
  SMARTHOST smtp.gmail.com
  
  # Use this SMTP port.  Most users will be fine with the default (25)
  #PORT 25
  PORT 587
  
  # Path to your alias file.  Just stay with the default.
  #ALIASES /etc/aliases
  
  # Path to your spooldir.  Just stay with the default.
  #SPOOLDIR /var/spool/dma
  
  # SMTP authentication
  AUTHPATH /etc/dma/auth.conf
  
  # Uncomment if yout want TLS/SSL support
  SECURETRANSFER
  
  # Uncomment if you want STARTTLS support (only used in combination with
  # SECURETRANSFER)
  STARTTLS
  
  # Uncomment if you have specified STARTTLS above and it should be allowed
  # to fail ("opportunistic TLS", use an encrypted connection when available
  # but allow an unencrypted one to servers that do not support it)
  #OPPORTUNISTIC_TLS
  
  # Path to your local SSL certificate
  #CERTFILE
  
  # If you want to use plain text SMTP login without using encryption, change
  # the SECURE entry below to INSECURE.  Otherwise plain login will only work
  # over a secure connection.  Use this option with caution.
  INSECURE
  
  # Uncomment if you want to defer your mails.  This is useful if you are
  # behind a dialup line.  You have to submit your mails manually with dma -q
  #DEFER
  
  # Uncomment if you want the bounce message to include the complete original
  # message, not just the headers.
  #FULLBOUNCE
  
  # The internet hostname dma uses to identify the host.
  # If not set or empty, the result of gethostname(2) is used.
  # If MAILNAME is an absolute path to a file, the first line of this file
  # will be used as the hostname.
  # NOTE: on Debian systems this is handled via debconf!
  # Please use dpkg-reconfigure dma to change this value.
  MAILNAME /etc/mailname
  
  # Masquerade envelope from addresses with this address/hostname.
  # Use this if mails are not accepted by destination mail servers because
  # your sender domain is invalid.
  # By default, MASQUERADE is not set.
  # Format: MASQUERADE [user@][host]
  # Examples:
  # MASQUERADE john@  on host "hamlet" will send all mails as john@hamlet
  # MASQUERADE percolator  will send mails as $username@percolator, e.g. 
fish@percolator
  # MASQUERADE herb@ert  will send all mails as herb@ert
  
  2. configure the file /etc/dma/auth.conf:
  # $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $
  #
  # SMTP authentication entries (currently AUTH LOGIN only)
  # Format: user|my.smarthost.example.com:password
  598105...@qq.com|smtp.gmail.com:Password
  
  3. configure ~/.muttrc:
  set sendmail="/usr/sbin/dma -f 598105...@qq.com"
  set folder="~/Mail"
  set mbox="~/Mail/inbox"
  #set mbox_type=maildir
  set spoolfile="~/Mail/inbox"
  set postponed="~/Mail/postponed"
  set record="~/Mail/sent"
- my_hdr From: 598105...@qq.com 
+ my_hdr From: 598105...@qq.com
  
  Ok ,let's start!
  
  一.Hostname verification
  1. change /etc/hosts in order to simulate the DNS hijack
-      182.254.3.179   smtp.gmail.com
-    (182.254.3.179 is a normal smtp server)
+      182.254.3.179   smtp.gmail.com
+    (182.254.3.179 is a normal smtp server)
  
  2. use mutt  to send the mail ( mutt use dma as a MTA)
  
  3. result : receivethe mail !
  
  The fetch succeeded, indicating the software didn't check the hostname
  against the signee of the certificate.
  
  二. Also for expired time check,
  1. change the system time to 2200 to guarantee the certificate to be expired.
  
  2. run mutt to send email
  
  3. result:succeed!!
  
  The fetch succeeded again and no warning was given, indicating the
  software didn't check whether the certificate expired or not.
  
  PS: I have saved the SSL connection Wireshark packages, and upload these 
files.
  for more information, you can see the paper: 
http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf
  and more details you can contact with us, we will be very glad for your 
responce.
  
  Thanks.

** Description changed:

  Recently, we are trying to find SSL security problems by static
  analysis. For example, as we all know, Hostname verification is an
  important step when verifying X509 certificates, however, people tend to
  miss the step or to misunderstand the APIs when using SSL/TLS, which
  might cause severe man in the middle attack and break the entire TLS
  mechanism. And static analysis is a way of finding whether the APIs are
  called correctly.
  
  Now, we find some SSL problems in dma, the following is details:
  
  -----------------------------------------------------------------------------
  file : dma/dma-0.0.2010.06.17/crypto.c
  -----------------------------------------------------------------------------
  function : smtp_init_crypto
  -----------------------------------------------------------------------------
  SSL method : \
  -----------------------------------------------------------------------------
  call SSL_CTX_set_verify() : NOT FOUND
  -----------------------------------------------------------------------------
  Have SSL_CTX_set_verify ( SSL_set_verify) callback : NO
  -----------------------------------------------------------------------------
  call SSL_get_peer_certificate(): YES (but NO X509 suite API for custom 
verification)
  -----------------------------------------------------------------------------
  call SSL_get_verify_result(): NO
  -----------------------------------------------------------------------------
  
- According to the above result, we think the SSL connection in dmais not
+ According to the above result, we think the SSL connection in dma is not
  secure. For instance, missing hostname  or expired time check when
  verifying x509  certificate.
  
  More specifically , we can take function SSL_CTX_set_verify() for
  example, when using OPENSSL, if we call SSL_CTX_set_verify(ssl_ctx,
  SSL_VERIFY_NONE, null), we should verify the certificate by calling the
  function SSL_get_peer_certificate() to get the certificate at first.
  Then use X509 APIs or self-define function to verify the certificate we
  get. If the source code does not match this model, then we can deduce
  this code is vulnerable. And other APIs have similar problems.
  
  To verify the result we make, we attack the software manually.
  
  At first, we should configure the software environment:
  1. configure the file /etc/dma/dma.conf:
  # $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
  #
  # Your smarthost (also called relayhost).  Leave blank if you don't want
  # smarthost support.
  # NOTE: on Debian systems this is handled via debconf!
  # Please use dpkg-reconfigure dma to change this value.
  #SMARTHOST
  SMARTHOST smtp.gmail.com
  
  # Use this SMTP port.  Most users will be fine with the default (25)
  #PORT 25
  PORT 587
  
  # Path to your alias file.  Just stay with the default.
  #ALIASES /etc/aliases
  
  # Path to your spooldir.  Just stay with the default.
  #SPOOLDIR /var/spool/dma
  
  # SMTP authentication
  AUTHPATH /etc/dma/auth.conf
  
  # Uncomment if yout want TLS/SSL support
  SECURETRANSFER
  
  # Uncomment if you want STARTTLS support (only used in combination with
  # SECURETRANSFER)
  STARTTLS
  
  # Uncomment if you have specified STARTTLS above and it should be allowed
  # to fail ("opportunistic TLS", use an encrypted connection when available
  # but allow an unencrypted one to servers that do not support it)
  #OPPORTUNISTIC_TLS
  
  # Path to your local SSL certificate
  #CERTFILE
  
  # If you want to use plain text SMTP login without using encryption, change
  # the SECURE entry below to INSECURE.  Otherwise plain login will only work
  # over a secure connection.  Use this option with caution.
  INSECURE
  
  # Uncomment if you want to defer your mails.  This is useful if you are
  # behind a dialup line.  You have to submit your mails manually with dma -q
  #DEFER
  
  # Uncomment if you want the bounce message to include the complete original
  # message, not just the headers.
  #FULLBOUNCE
  
  # The internet hostname dma uses to identify the host.
  # If not set or empty, the result of gethostname(2) is used.
  # If MAILNAME is an absolute path to a file, the first line of this file
  # will be used as the hostname.
  # NOTE: on Debian systems this is handled via debconf!
  # Please use dpkg-reconfigure dma to change this value.
  MAILNAME /etc/mailname
  
  # Masquerade envelope from addresses with this address/hostname.
  # Use this if mails are not accepted by destination mail servers because
  # your sender domain is invalid.
  # By default, MASQUERADE is not set.
  # Format: MASQUERADE [user@][host]
  # Examples:
  # MASQUERADE john@  on host "hamlet" will send all mails as john@hamlet
  # MASQUERADE percolator  will send mails as $username@percolator, e.g. 
fish@percolator
  # MASQUERADE herb@ert  will send all mails as herb@ert
  
  2. configure the file /etc/dma/auth.conf:
  # $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $
  #
  # SMTP authentication entries (currently AUTH LOGIN only)
  # Format: user|my.smarthost.example.com:password
  598105...@qq.com|smtp.gmail.com:Password
  
  3. configure ~/.muttrc:
  set sendmail="/usr/sbin/dma -f 598105...@qq.com"
  set folder="~/Mail"
  set mbox="~/Mail/inbox"
  #set mbox_type=maildir
  set spoolfile="~/Mail/inbox"
  set postponed="~/Mail/postponed"
  set record="~/Mail/sent"
  my_hdr From: 598105...@qq.com
  
  Ok ,let's start!
  
  一.Hostname verification
  1. change /etc/hosts in order to simulate the DNS hijack
       182.254.3.179   smtp.gmail.com
     (182.254.3.179 is a normal smtp server)
  
  2. use mutt  to send the mail ( mutt use dma as a MTA)
  
  3. result : receivethe mail !
  
  The fetch succeeded, indicating the software didn't check the hostname
  against the signee of the certificate.
  
  二. Also for expired time check,
  1. change the system time to 2200 to guarantee the certificate to be expired.
  
  2. run mutt to send email
  
  3. result:succeed!!
  
  The fetch succeeded again and no warning was given, indicating the
  software didn't check whether the certificate expired or not.
  
  PS: I have saved the SSL connection Wireshark packages, and upload these 
files.
  for more information, you can see the paper: 
http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf
  and more details you can contact with us, we will be very glad for your 
responce.
  
  Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1380458

Title:
  dma have some SSL security problems

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dma/+bug/1380458/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to