-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 fetchmail-SA-2012-01: Information disclosure under active attack Topics: Information disclosure under active attack with block ciphers Author: Matthias Andree Version: 1.0 Announced: 2012-08-29 Type: information disclosure under active attack Impact: chosen plaintext attack theoretically possible Danger: low Acknowledgment: Apple product security CVE Name: CVE-2011-3389 URL: http://www.fetchmail.info/fetchmail-SA-2012-01.txt Project URL: http://www.fetchmail.info/ Affects: - fetchmail releases 6.3.9 up to and including 6.3.21 - Any fetchmail release when using OpenSSL versions before 0.9.6i, or 0.9.7 Not affected: - fetchmail releases 5.1.3 up to and including 6.3.8 but only when using sufficiently new OpenSSL releases - fetchmail releases 6.3.22 and newer but only when using sufficiently new OpenSSL releases Where "sufficiently new" means 0.9.6i or newer, or 0.9.7a or newer, or higher numerical versions such as 0.9.8, 1.0.0 (any letters) Corrected in: 2012-04-06 Git, among others, see commit 4af941d4a4318ba3149316aaa7ffaf24bb959e93 2012-08-29 fetchmail 6.3.22 release tarball 0. Release history ================== 2012-08-29 1.0 release 1. Background ============= fetchmail is a software package to retrieve mail from remote POP3, IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or message delivery agents. fetchmail supports SSL and TLS security layers through the OpenSSL library, if enabled at compile time and if also enabled at run time, in both SSL/TLS-wrapped mode on dedicated ports as well as in-band-negotiated "STARTTLS" and "STLS" modes through the regular protocol ports. 2. Problem description and Impact ================================= Fetchmail version 6.3.9 enabled "all SSL workarounds" (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case. Stream ciphers (such as RC4) are unaffected. While the /practical/ impact of disabling this countermeasure is unclear at the moment, as a safety precation, the countermeasure is reenabled by default in fetchmail versions 6.3.22 and newer. For technical details on the attack and countermeasure and affected OpenSSL versions, please see . 3. Solution =========== Install fetchmail 6.3.22 or newer. The fetchmail source code is always available from . Distributors are encouraged to review the NEWS file and move forward to 6.3.22, rather than backport individual security fixes, because doing so routinely misses other fixes crucial to fetchmail's proper operation, for which no security announcements are issued, or documentation. Fetchmail 6.3.X releases have always been made with a focus on unchanged user and program interfaces so as to avoid disruptions when upgrading from 6.3.X to 6.3.Y with Y > X. Care was taken to not change the interface incompatibly. A. Copyright, License and Non-Warranty ====================================== (C) Copyright 2012 by Matthias Andree, . Some rights reserved. This work is licensed under the Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/3.0/de/deed.en or send a letter to: Creative Commons 444 Castro Street Suite 900 MOUNTAIN VIEW, CALIFORNIA 94041 USA THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END of fetchmail-SA-2012-01 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlN9DK4ACgkQvmGDOQUufZVCbwCgoQriSlTKD7T6wLSW/4nxvWan sGAAnRsgZqpyHgunCA8VUlUQNKO5Z4z1 =nvvD -----END PGP SIGNATURE-----