After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 424373 - [PATCH] APOP Authentication Vulnerability
[PATCH] APOP Authentication Vulnerability
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
unspecified
Other Linux
: Urgent critical
: ---
Assigned To: Sankar P
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2007-03-30 04:54 UTC by Sankar P
Modified: 2007-05-03 10:01 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Fix (1.01 KB, patch)
2007-03-30 04:57 UTC, Sankar P
committed Details | Review

Description Sankar P 2007-03-30 04:54:41 UTC
gaetan.leurent ens.fr wrote:

> I found a security vulnerability in the APOP authentication.  It is
> related to recent collision attacks by Wang and al. against MD5.  The
> basic idea is to craft a pair of message-ids that will collide in the
> APOP hash if the password begins in a specified way.  So the attacker
> would impersonate a POP server, and send these msg-id; the client will
> return the hash, and the attacker can learn some password characters.
> 
> The msg-ids will be generated from a MD5 collision: if you have two
> colliding messages for MD5 "<????@????>x" and "<¿¿¿¿@¿¿¿¿>x", and the
> message are of length two blocks, then you will use "<????@????>" and
> "<¿¿¿¿@¿¿¿¿>" as msg-ids.  When the client computes MD5(msg-id||passwd)
> with these two, it will collide if the first password character if 'x',
> no matter what is next (since we are at a block boundary, and the end of
> the password will be the same in the two hashs).  Therefore you can
> learn the password characters one by one (actually you can only recover
> three of them, due to the way MD5 collisions are computed).
> 
> This attack is really a practical one: it needs about an hour of
> computation and a few hundred authentications from the client, and can
> recover three password characters.  I tested it against Evolution, and
> it does work.
> 
> However, using the current techniques available to attack MD5, the
> msg-ids sent by the server can easily be distinguished from genuine ones
> as they will not respect the RFC specification.  In particular, they
> will contain non-ASCII characters.  Therefore, as a security
> countermeasure, I think Evolution should reject msg-ids that does not
> conform to the RFC.
Comment 1 Sankar P 2007-03-30 04:57:53 UTC
Created attachment 85552 [details] [review]
Fix
Comment 2 André Klapper 2007-04-02 01:04:18 UTC
Sankar: that entire string is weird to me, the second part is not even a whole sentence, and if i would be a user, i would just be left concerned without knowing what's going on here. can one rephrase this?
and what is a MITM attack? please either write "Man in the middle" or just add a translator comment. translators are not computer security specialists, but just normal people that do not have to know the term "MITM"...
http://developer.gnome.org/doc/tutorials/gnome-i18n/developer.html#use-comments
Comment 3 Sankar P 2007-04-02 04:51:51 UTC
Agreed. Will change the string to something like : "Cannot connect to the server: %s. Invalid APOP id received. Impersonation attack suspected. Please contact your admin." 

Here APOP shouldn't be translated. I can add a README before the string.
Comment 4 André Klapper 2007-04-02 10:35:40 UTC
s/id/ID, otherwise this sounds better. thanks :-)
Comment 5 André Klapper 2007-04-12 20:58:34 UTC
ping ping ping ping ping ;-)
Comment 6 Matthew Barnes 2007-04-15 13:48:24 UTC
Was a final revision of this patch ever committed?
Comment 7 Sankar P 2007-04-16 08:57:53 UTC
Nope. 

Still needs review :(
Comment 8 Veerapuram Varadhan 2007-04-19 19:07:44 UTC
(In reply to comment #7)
> Nope. 
> 
> Still needs review :(
> 
Thought an update with the new string is coming along. ;-)  Anyway, patch looks good except that string part.
Comment 9 Sankar P 2007-04-30 11:03:42 UTC
Patch committed. String changed in trunk and no string added in stable branch.
Comment 10 Claude Paroz 2007-05-02 12:45:49 UTC
Hi,
You added a string in stable branch:
"Unable to connect to POP server %s: "
http://svn.gnome.org/viewcvs/evolution-data-server/branches/gnome-2-18/camel/providers/pop3/camel-pop3-store.c?r1=7656&r2=7723

The nearer string seems to be:
#: ../camel/providers/pop3/camel-pop3-store.c:361
#, c-format
msgid "Could not connect to POP server %s"

What do you suggest?
Comment 11 Sankar P 2007-05-03 05:33:09 UTC
I reused an old string. Just look at camel-pop3-store.c:557 
Comment 12 Claude Paroz 2007-05-03 06:42:21 UTC
If a new string has appeared in the .pot file, it means that you DID use a new string:
http://l10n.gnome.org/module/evolution-data-server#gnome-2-18

The string you mention is :
"Unable to connect to POP server %s.\n"
"Error sending password: %s"

The beginning of this string is the same as the new string, but for gettext, it's two different string.
Comment 13 Sankar P 2007-05-03 10:01:36 UTC
Committed with the "Could not connect to POP server %s" string. Thanks for pointing it out.

http://svn.gnome.org/viewcvs/evolution-data-server?view=revision&revision=7725