Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix

Bug #1381537 reported by Benjamin Greiner on 2014-10-15
This bug affects 10 people
Affects              Importance   Assigned to
dovecot (Ubuntu)     Undecided    Marc Deslauriers
Lucid                Undecided    Unassigned
Precise              Undecided    Marc Deslauriers
Trusty               Undecided    Unassigned
Utopic               Undecided    Unassigned
Vivid                Undecided    Marc Deslauriers

Bug Description

SRU Request:

[Impact]
Dovecot in Precise does not contain the ssl_protocols configuration option that allows disabling SSLv3. Since there are now known weaknesses in SSLv3, it would be preferable to have an option to disable it like on later releases.

It may not be appropriate to default to having SSLv3 disabled yet. As such, this SRU only adds the configuration option, but doesn't enable it.

[Test Case]
1- Configure dovecot
2- Connect with SSLv3 only
3- add "ssl_protocols = !SSLv3" to dovecot configuration file
4- Connect with SSLv3 only
5- Connect with TLS to make sure it still works

Alternatively, the security team QRT script has been modified to test for this. It can be used.

[Regression Potential]
This touches the config file parsing code and the SSL code. Any regression could result in the configuration file not being parsed correctly, or in some unknown issue with SSL negotiation.

Original description:
The current version of dovecot in Ubuntu 12.04 LTS, Precise Pangolin, is 2.0.19.

This version is too old to switch off SSLv3, which has been designated insecure as of the recent "poodle" discovery [1].
In dovecot versions 2.1+ the protocol can be switched off, but for older versions the source code would need to be patched [2,3].

I asked the Ubuntu team to either backport a patch to 2.0.19, or package a newer version of dovecot for precise.

[1] https://www.openssl.org/~bodo/ssl-poodle.pdf
[2] http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
[3] http://<email address hidden>/msg59945.html

source package in precise security: dovecot 1:2.0.19-0ubuntu2.1

CVE References

information type: Private Security → Public
Benjamin Greiner (greiner) wrote :

Here is the patch from the mailing list([3] in original post)

tags: added: precise

The attachment "disable SSLv3 in dovecot" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dovecot (Ubuntu):
status: New → Confirmed
Robie Basak (racb) wrote :

I had a quick discussion with mdeslaur (security team) on #ubuntu-hardened.

He's not prepared to push changes which just turn SSLv3 off, since that would break clients. But he is prepared to sponsor security patches that add it as an option, so that users can opt to turn SSLv3 off after they've got the security update.

information type: Public → Public Security
Roger Cornelius (rac-3) wrote :

According to https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability, SSLv3 can be switched off in 2.0.19 by adding "!SSLv3" to the ssl_cipher_list config option. Is that not correct?

On 10/20/2014 11:18 AM, Roger Cornelius wrote:
> According to https://www.digitalocean.com/community/tutorials/how-to-
> protect-your-server-against-the-poodle-sslv3-vulnerability, SSLv3 can
> be switched off in 2.0.19 by adding "!SSLv3" to the ssl_cipher_list
> config option. Is that not correct?

Doing so will drop support for TLS 1.0 and 1.1 too (leaving 1.2 only).
This is explained by the fact that all the ciphers defined by SSLv3 are
also shared by TLS 1.0 and 1.1 so removing them only leaves those added
by TLS 1.2.

$ openssl ciphers -v 'ALL:!LOW:!SSLv2:!EXP:!aNULL' | wc -l
77
$ openssl ciphers -v 'ALL:!LOW:!SSLv2:!EXP:!aNULL:!SSLv3' | wc -l
28

This is generally not advisable because many email clients do not
support TLS 1.2. The article should be fixed.

Simon
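The two configurations discussed so far (the ssl_protocols setting from the SRU test case, and "!SSLv3" in ssl_cipher_list as the tutorial suggested) can be told apart with a small audit script. This is an added example, not code from the bug report or from dovecot; it assumes a 10-ssl.conf in dovecot's "key = value" syntax, and the live-handshake helper assumes an OpenSSL build that still accepts -ssl3.

```shell
#!/bin/sh
# Added example, not from the bug report or from dovecot. Checks a dovecot
# conf for the two configurations discussed in this thread: "!SSLv3" in
# ssl_protocols (disables the protocol; the option this SRU backports) versus
# "!SSLv3" in ssl_cipher_list (drops the suites shared with TLS 1.0/1.1).

# Effective value of one setting: comment lines are skipped, last one wins.
dovecot_setting() {  # $1=conf file  $2=setting name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# 0 if ssl_protocols lists !SSLv3 (the correct fix), else 1.
sslv3_disabled() {
    case " $(dovecot_setting "$1" ssl_protocols) " in
        *' !SSLv3 '*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if !SSLv3 was put into ssl_cipher_list (the misconfiguration), else 1.
sslv3_in_cipher_list() {
    case "$(dovecot_setting "$1" ssl_cipher_list)" in
        *'!SSLv3'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live handshake probe, one protocol version per call; 0 means accepted.
# Assumes an OpenSSL build that still has -ssl3. SMTP ports are not
# implicit TLS: pass "smtp" as $4 so s_client issues STARTTLS first.
probe_proto() {  # $1=host $2=port $3=-ssl3|-tls1|-tls1_2 [$4=starttls proto]
    if [ -n "${4:-}" ]; then
        openssl s_client -connect "$1:$2" "$3" -starttls "$4" </dev/null >/dev/null 2>&1
    else
        openssl s_client -connect "$1:$2" "$3" </dev/null >/dev/null 2>&1
    fi
}

# Constructed sample configs (not taken from the bug report).
GOOD=$(mktemp); BAD=$(mktemp); trap 'rm -f "$GOOD" "$BAD"' EXIT
printf '%s\n' '# SSLv3 off via the backported setting' \
    'ssl_protocols = !SSLv2 !SSLv3' \
    'ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL' > "$GOOD"
printf '%s\n' '# what the tutorial suggested instead' \
    'ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!SSLv3' > "$BAD"

sslv3_disabled "$GOOD" && echo "GOOD: SSLv3 disabled through ssl_protocols"
sslv3_in_cipher_list "$BAD" && echo "BAD: !SSLv3 in cipher list only removes TLS 1.0/1.1 suites"
```

Against a running server, `probe_proto localhost 993 -ssl3` should fail and `probe_proto localhost 993 -tls1` succeed once the patched package and the ssl_protocols line are in place.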

Benjamin Greiner (greiner) wrote :

It is not correct. Adding !SSLv3 to the cipher list removes the set of *ciphers* specified in the SSLv3 cipher suite [1], which would also disable ciphers listed in other suites. It has no effect on the *protocols* used.

[1] http://www.openssl.org/docs/apps/ciphers.html

Roger Cornelius (rac-3) wrote :

Thanks for the clarification.

Robie Basak (racb) on 2014-10-21
tags: added: poodle
Marius Rieder (marius-rieder-m) wrote :

So basically the following commit has to be backported to the 2.0 version: http://hg.dovecot.org/dovecot-2.1/rev/406a1d52390b

I created a patch for 2.0.19 and tried it on our staging systems. This worked quite well for us.

Changed in dovecot (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in dovecot (Ubuntu Vivid):
status: Confirmed → Fix Released
Changed in dovecot (Ubuntu Utopic):
status: New → Fix Released
Changed in dovecot (Ubuntu Trusty):
status: New → Fix Released
Changed in dovecot (Ubuntu Precise):
status: New → Confirmed
Changed in dovecot (Ubuntu Lucid):
status: New → Confirmed
Changed in dovecot (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Serge van Namen (pcktdmp) wrote :

Made a quick patch for this package, tested it in following way:

* Install package
* Start dovecot
* Connect with: openssl s_client -connect localhost:995 -ssl3

Getting error that I can't connect on SSLv3, assumed this resolved the issue.

information type: Public Security → Private Security
information type: Private Security → Public Security
description: updated
description: updated
Changed in dovecot (Ubuntu Precise):
status: Confirmed → In Progress

Hello Benjamin, or anyone else affected,

Accepted dovecot into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/dovecot/1:2.0.19-0ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in dovecot (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Simon Déziel (sdeziel) on 2014-10-28
tags: added: verification-done
removed: verification-needed
Rolf Leggewie (r0lf) wrote :

How will this be dealt with in lucid, please? I guess POODLE isn't really that much of an issue for an IMAPS or POP3S session since there is no Javascript involved or am I mistaken?

The verification of the Stable Release Update for dovecot has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dovecot - 1:2.0.19-0ubuntu2.2

---------------
dovecot (1:2.0.19-0ubuntu2.2) precise; urgency=medium

  * Backport support for the ssl_protocols setting to easily allow
    disabling SSLv3. (LP: #1381537)
    - debian/patches/backport_ssl_protocols.patch: added new setting to
      src/login-common/login-settings.c, src/login-common/login-settings.h,
      src/login-common/ssl-proxy-openssl.c, src/config/all-settings.c.
 -- Marc Deslauriers <email address hidden> Mon, 27 Oct 2014 12:46:22 -0400

Changed in dovecot (Ubuntu Precise):
status: Fix Committed → Fix Released
Marius Gedminas (mgedmin) wrote :

Dovecot uses Unix password authentication by default. If those passwords leak, they can be used to ssh in and perhaps even for sudo.

Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in dovecot (Ubuntu Lucid):
status: Confirmed → Won't Fix
Mike Threesi (mike366) wrote :

OK, I hate to be so stupid, but I need some help and can't seem to locate anyone knowledgeable so far:

In 10-ssl.conf I added: ssl_protocols = !SSLv2 !SSLv3 (to no avail, so I think I am not patched)

Would appreciate some helpful comments / guidance please...

I did a fresh install of 12.04.5 on another machine, thinking that there had been a patch for dovecot, but I am still getting this error, so I assume it is not patched in 12.04.5 ? Or how do I get the patch installed?

This accepts the login: `openssl s_client -connect localhost:993 -ssl3`

This gives an error: `openssl s_client -connect localhost:465 -ssl3` "139852816377504:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:59"

This too gives an error: `openssl s_client -connect localhost:25 -ssl3` "140205816501920:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339"

So if I go to a poodle website and check, they return OK for Poodle EXCEPT for 993 port, do you know what I am doing wrong?

BTW, these are the exact results from my long running 12.04.4 ubuntu, and we need to stay on 12.04 for now.

Throw me a bone, please - give me some detailed instructions of how I can fix this, thank you. My goal is to have port 25, 587, 465, 993, etc all !SSLv3 compliant.

Thank you

Seth Arnold (seth-arnold) wrote :

Port 25 is probably handled by postfix, exim, or sendmail, not dovecot. In any event, you can't simply connect directly to SMTP with TLS; SMTP requires using the STARTTLS command to upgrade a connection to TLS.

I suspect you'll find similar issues with your other ports; I don't know the details of those off-hand as well as SMTP, so I'll just ask how confident you are that your test case accurately reflects the protocols you're trying to test.

Thanks
