fetchmail-6.3.9-rc2-4ubuntu5 hangs in S(TART)TLS handshake/CVE-2011-1947
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
fetchmail (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: fetchmail
Fetchmail seems to not apply timeouts in SSL handshare.
On DSL lines, this seems cause the process to hang infinitely if the if the DSL connection is cut off (unfortunate timing).
Restarting the fetchmail process immediately transfers mail again.
In below quoted backtrace, the process hang for 2 days in the read() call.
(gdb) bt
#0 0x00007f5f16f6c4a0 in read () from /lib/libc.so.6
#1 0x00007f5f1750db81 in ?? () from /lib/libcrypto.
#2 0x00007f5f1750bef9 in BIO_read () from /lib/libcrypto.
#3 0x00007f5f177ff7da in ssl3_read_n () from /lib/libssl.
#4 0x00007f5f177ffd8f in ssl3_read_bytes () from /lib/libssl.
#5 0x00007f5f17800c92 in ssl3_get_message () from /lib/libssl.
#6 0x00007f5f177fa957 in ssl3_get_
#7 0x00007f5f177fc0c8 in ssl3_connect () from /lib/libssl.
#8 0x00000000004065f8 in ?? ()
#9 0x00000000004238ed in ?? ()
#10 0x000000000040e79a in ?? ()
#11 0x0000000000407a15 in ?? ()
#12 0x0000000000409bca in ?? ()
#13 0x00007f5f16eb2c4d in __libc_start_main () from /lib/libc.so.6
#14 0x0000000000404b59 in ?? ()
#15 0x00007fff7094f4b8 in ?? ()
#16 0x000000000000001c in ?? ()
#17 0x0000000000000006 in ?? ()
#18 0x00007fff7094fecd in ?? ()
#19 0x00007fff7094fee0 in ?? ()
#20 0x00007fff7094fee3 in ?? ()
#21 0x00007fff7094fef4 in ?? ()
#22 0x00007fff7094fefe in ?? ()
#23 0x00007fff7094ff1f in ?? ()
#24 0x0000000000000000 in ?? ()
root@se003:
fetchmail 3042 fetchmail cwd DIR 9,1 832 2 /
fetchmail 3042 fetchmail rtd DIR 9,1 832 2 /
fetchmail 3042 fetchmail txt REG 9,1 262384 351752 /usr/bin/fetchmail
fetchmail 3042 fetchmail mem REG 9,1 95320 12754 /lib/libz.
fetchmail 3042 fetchmail mem REG 9,1 17176 304061 /lib/libcom_
fetchmail 3042 fetchmail mem REG 9,1 12656 72960 /lib/libkeyutil
fetchmail 3042 fetchmail mem REG 9,1 22928 276712 /lib/libnss_
fetchmail 3042 fetchmail mem REG 9,1 10432 233217 /lib/libnss_
fetchmail 3042 fetchmail mem REG 9,1 51712 278902 /lib/libnss_
fetchmail 3042 fetchmail mem REG 9,1 43552 294600 /lib/libnss_
fetchmail 3042 fetchmail mem REG 9,1 97256 270102 /lib/libnsl-
fetchmail 3042 fetchmail mem REG 9,1 35712 275782 /lib/libnss_
fetchmail 3042 fetchmail mem REG 9,1 14696 266325 /lib/libdl-
fetchmail 3042 fetchmail mem REG 9,1 135745 346037 /lib/libpthread
fetchmail 3042 fetchmail mem REG 9,1 31168 94101 /usr/lib/
fetchmail 3042 fetchmail mem REG 9,1 1572232 247759 /lib/libc-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 213784 29916 /usr/lib/
fetchmail 3042 fetchmail mem REG 9,1 1622304 57359 /lib/libcrypto.
fetchmail 3042 fetchmail mem REG 9,1 333856 57422 /lib/libssl.
fetchmail 3042 fetchmail mem REG 9,1 154048 1272 /usr/lib/
fetchmail 3042 fetchmail mem REG 9,1 803192 84116 /usr/lib/
fetchmail 3042 fetchmail mem REG 9,1 93000 346060 /lib/libresolv-
fetchmail 3042 fetchmail mem REG 9,1 43296 257232 /lib/libcrypt-
fetchmail 3042 fetchmail mem REG 9,1 136936 81873 /lib/ld-2.11.1.so
fetchmail 3042 fetchmail 0u CHR 1,3 0t0 967 /dev/null
fetchmail 3042 fetchmail 1u CHR 1,3 0t0 967 /dev/null
fetchmail 3042 fetchmail 2u CHR 1,3 0t0 967 /dev/null
fetchmail 3042 fetchmail 3u unix 0xffff880100668000 0t0 10168 socket
fetchmail 3042 fetchmail 4u IPv4 4918696 0t0 TCP mail.mydomain.
CVE References
summary: |
- fetchmail-6.3.9-rc2-4ubuntu5 hangs in SSL handshare on DSL connection + fetchmail-6.3.9-rc2-4ubuntu5 hangs in SSL handshake on DSL connection |
This is fixed in 6.3.18 (note that 6.3.19 is the current bug-fix release):
...
* Fetchmail will now apply timeouts to the authentication stage.
This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
Reported missing by Thomas Jarosch.
Please upgrade to 6.3.19. Note I will not provide a broken-out patch. Distributors are requested to upgrade to 6.3.19 - much effort was spent to make this a drop-in replacement for all earlier 6.3.X and 6.2.X upgrades.