fetchmail-6.3.9-rc2-4ubuntu5 hangs in S(TART)TLS handshake/CVE-2011-1947

Bug #733980 reported by Patrick Haller
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
fetchmail (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: fetchmail

Fetchmail seems not to apply timeouts in the SSL handshake.
On DSL lines, this seems to cause the process to hang infinitely if the DSL connection is cut off (unfortunate timing).

Restarting the fetchmail process immediately transfers mail again.

In the backtrace quoted below, the process hung for 2 days in the read() call.

(gdb) bt
#0 0x00007f5f16f6c4a0 in read () from /lib/libc.so.6
#1 0x00007f5f1750db81 in ?? () from /lib/libcrypto.so.0.9.8
#2 0x00007f5f1750bef9 in BIO_read () from /lib/libcrypto.so.0.9.8
#3 0x00007f5f177ff7da in ssl3_read_n () from /lib/libssl.so.0.9.8
#4 0x00007f5f177ffd8f in ssl3_read_bytes () from /lib/libssl.so.0.9.8
#5 0x00007f5f17800c92 in ssl3_get_message () from /lib/libssl.so.0.9.8
#6 0x00007f5f177fa957 in ssl3_get_server_certificate () from /lib/libssl.so.0.9.8
#7 0x00007f5f177fc0c8 in ssl3_connect () from /lib/libssl.so.0.9.8
#8 0x00000000004065f8 in ?? ()
#9 0x00000000004238ed in ?? ()
#10 0x000000000040e79a in ?? ()
#11 0x0000000000407a15 in ?? ()
#12 0x0000000000409bca in ?? ()
#13 0x00007f5f16eb2c4d in __libc_start_main () from /lib/libc.so.6
#14 0x0000000000404b59 in ?? ()
#15 0x00007fff7094f4b8 in ?? ()
#16 0x000000000000001c in ?? ()
#17 0x0000000000000006 in ?? ()
#18 0x00007fff7094fecd in ?? ()
#19 0x00007fff7094fee0 in ?? ()
#20 0x00007fff7094fee3 in ?? ()
#21 0x00007fff7094fef4 in ?? ()
#22 0x00007fff7094fefe in ?? ()
#23 0x00007fff7094ff1f in ?? ()
#24 0x0000000000000000 in ?? ()

root@se003:/var/log# lsof | grep fetch
fetchmail 3042 fetchmail cwd DIR 9,1 832 2 /
fetchmail 3042 fetchmail rtd DIR 9,1 832 2 /
fetchmail 3042 fetchmail txt REG 9,1 262384 351752 /usr/bin/fetchmail
fetchmail 3042 fetchmail mem REG 9,1 95320 12754 /lib/libz.so.1.2.3.3
fetchmail 3042 fetchmail mem REG 9,1 17176 304061 /lib/libcom_err.so.2.1
fetchmail 3042 fetchmail mem REG 9,1 12656 72960 /lib/libkeyutils-1.2.so
fetchmail 3042 fetchmail mem REG 9,1 22928 276712 /lib/libnss_dns-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 10432 233217 /lib/libnss_mdns4_minimal.so.2
fetchmail 3042 fetchmail mem REG 9,1 51712 278902 /lib/libnss_files-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 43552 294600 /lib/libnss_nis-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 97256 270102 /lib/libnsl-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 35712 275782 /lib/libnss_compat-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 14696 266325 /lib/libdl-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 135745 346037 /lib/libpthread-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 31168 94101 /usr/lib/libkrb5support.so.0.1
fetchmail 3042 fetchmail mem REG 9,1 1572232 247759 /lib/libc-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 213784 29916 /usr/lib/libgssapi_krb5.so.2.2
fetchmail 3042 fetchmail mem REG 9,1 1622304 57359 /lib/libcrypto.so.0.9.8
fetchmail 3042 fetchmail mem REG 9,1 333856 57422 /lib/libssl.so.0.9.8
fetchmail 3042 fetchmail mem REG 9,1 154048 1272 /usr/lib/libk5crypto.so.3.1
fetchmail 3042 fetchmail mem REG 9,1 803192 84116 /usr/lib/libkrb5.so.3.3
fetchmail 3042 fetchmail mem REG 9,1 93000 346060 /lib/libresolv-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 43296 257232 /lib/libcrypt-2.11.1.so
fetchmail 3042 fetchmail mem REG 9,1 136936 81873 /lib/ld-2.11.1.so
fetchmail 3042 fetchmail 0u CHR 1,3 0t0 967 /dev/null
fetchmail 3042 fetchmail 1u CHR 1,3 0t0 967 /dev/null
fetchmail 3042 fetchmail 2u CHR 1,3 0t0 967 /dev/null
fetchmail 3042 fetchmail 3u unix 0xffff880100668000 0t0 10168 socket
fetchmail 3042 fetchmail 4u IPv4 4918696 0t0 TCP mail.mydomain.de:50916->mail.otherdomain.com:imap2 (ESTABLISHED)

CVE References

summary: - fetchmail-6.3.9-rc2-4ubuntu5 hangs in SSL handshare on DSL connection
+ fetchmail-6.3.9-rc2-4ubuntu5 hangs in SSL handshake on DSL connection
Matthias Andree (matthias-andree) wrote : Re: fetchmail-6.3.9-rc2-4ubuntu5 hangs in SSL handshake on DSL connection

This is fixed in 6.3.18 (note that 6.3.19 is the current bug-fix release):
...
* Fetchmail will now apply timeouts to the authentication stage.
  This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
  Reported missing by Thomas Jarosch.

Please upgrade to 6.3.19. Note I will not provide a broken-out patch. Distributors are requested to upgrade to 6.3.19 - much effort was spent to make this a drop-in replacement for all earlier 6.3.X and 6.2.X upgrades.

Changed in fetchmail (Ubuntu):
status: New → Confirmed
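
The hang reported above and the effect of the fix described in comment #1 (a timeout that covers the TLS negotiation), as an added Python example that is not fetchmail's code and not part of the original thread. A constructed local peer accepts the TCP connection and then stays silent; the client runs once with no socket timeout and once with one. The names `stalled_server`, `tls_handshake` and `demo` are made up for this illustration, and it uses a direct TLS handshake rather than STARTTLS inside IMAP/POP3.

```python
import socket
import ssl
import threading

def stalled_server():
    """Constructed peer: accepts TCP, then never sends a byte (a dead link)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep accepted sockets open so clients see no EOF
    def loop():
        while True:
            held.append(srv.accept()[0])
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], held

def tls_handshake(port, timeout_s):
    """Return 'ok', 'timeout' or 'error'. timeout_s=None means no timeout,
    which reproduces the unbounded read() seen in the backtrace."""
    raw = socket.create_connection(("127.0.0.1", port), timeout=timeout_s)
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(raw, server_hostname="127.0.0.1",
                          do_handshake_on_connect=False)
    try:
        tls.do_handshake()  # blocks waiting for the server's reply
        return "ok"
    except socket.timeout:  # socket timeout expired during the handshake
        return "timeout"
    except OSError:  # includes ssl.SSLError, resets and EOF
        return "error"
    finally:
        tls.close()

def demo(observe_s=1.0, timeout_s=1.0):
    port, held = stalled_server()
    result = {}
    worker = threading.Thread(
        target=lambda: result.update(r=tls_handshake(port, None)), daemon=True)
    worker.start()
    worker.join(observe_s)
    still_blocked = worker.is_alive()         # no timeout: stuck in handshake
    bounded = tls_handshake(port, timeout_s)  # timeout set: gives up
    for conn in held:                         # drop the links to free the worker
        conn.close()
    worker.join(5)
    return still_blocked, bounded, result.get("r")

if __name__ == "__main__":
    print(demo())
```

The client without a timeout only returns once the peer's side of the connection is torn down, which on a silently dropped DSL link may never happen.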
Matthias Andree (matthias-andree) wrote :

This denial-of-service vulnerability has been known as CVE-2011-1947 for a while, and got fixed in a later fetchmail release (see above - but note that 6.3.22 fixes even more security bugs)

summary: - fetchmail-6.3.9-rc2-4ubuntu5 hangs in SSL handshake on DSL connection
+ fetchmail-6.3.9-rc2-4ubuntu5 hangs in S(TART)TLS handshake/CVE-2011-1947
Bryce Harrington (bryce) wrote :

As per comment #1, this was fixed in 6.3.18. Ubuntu is shipping 6.3.26 in trusty and newer releases.

Changed in fetchmail (Ubuntu):
status: Confirmed → Fix Released