Bug 65036 (CVE-2013-1431)

Summary: TLS bypass via use of legacy Jabber
Product: Telepathy Reporter: Simon McVittie <smcv>
Component: gabbleAssignee: Simon McVittie <smcv>
Status: RESOLVED FIXED QA Contact: Simon McVittie <smcv>
Severity: critical    
Priority: medium CC: guillaume.desmottes, jonny.lamb, sjoerd, will, xclaesse
Version: unspecifiedKeywords: patch
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: security: respect tls-required flag on legacy Jabber servers
NEWS: update and describe configuration changes for fd.o #65036
tests: fix JabberAuthenticator when self.emit_events is False
Add a regression test for fd.o #65036
patch for telepathy-gabble 0.16.x (x < 6) releases
Add a regression test for fd.o #65036
NEWS: update and describe configuration changes for fd.o #65036

Description Simon McVittie 2013-05-27 11:29:16 UTC
Not giving more details until I've confirmed that this bug is embargoed.
Comment 1 Simon McVittie 2013-05-27 11:59:32 UTC
(In reply to comment #0)
> Not giving more details until I've confirmed that this bug is embargoed.

I'm glad I did that before going into details; apparently, emptying the "QA Contact" is not enough, you have to explicitly set it to something else...

The flaw is that if you connect to a legacy Jabber (i.e. not XMPP) server, WockyConnector:tls-required is not respected: we go straight to trying to perform legacy Jabber authentication. A network intermediary could exploit this by making their man-in-the-middle server implement legacy Jabber, rather than XMPP.

The logic we should follow is: if the server is legacy Jabber, check whether we have already authenticated the server using "old SSL" (https-style SSL without STARTTLS, typically on port 5223). If we haven't, and TLS is required, stop.
Comment 2 Simon McVittie 2013-05-27 12:35:48 UTC
Created attachment 79847 [details] [review]
security: respect tls-required flag on legacy Jabber servers

It's checked elsewhere for XMPP 1.0 servers, which can either
use "old SSL" or perform STARTTLS. Legacy Jabber can only use
"old SSL", which is similar to https - connect to a separate port,
typically 5223, and start speaking SSL - so if the connection was
ever going to be encrypted, by this point it already would be.
Comment 3 Sjoerd Simons 2013-05-27 12:48:39 UTC
Comment on attachment 79847 [details] [review]
security: respect tls-required flag on legacy Jabber servers

Review of attachment 79847 [details] [review]:
-----------------------------------------------------------------

Looks good (any chance to get a test for it as well?) :)
Comment 4 Simon McVittie 2013-05-28 12:09:47 UTC
Created attachment 79891 [details] [review]
NEWS: update and describe configuration changes for fd.o #65036
Comment 5 Simon McVittie 2013-05-28 12:10:08 UTC
Created attachment 79892 [details] [review]
tests: fix JabberAuthenticator when self.emit_events is  False

We don't currently use JabberAuthenticator in this mode, so nobody
noticed that it didn't work. I'm about to add a test that does use it.
Comment 6 Simon McVittie 2013-05-28 12:10:24 UTC
Created attachment 79893 [details] [review]
Add a regression test for fd.o #65036
Comment 7 Simon McVittie 2013-05-28 12:33:21 UTC
Created attachment 79894 [details] [review]
patch for telepathy-gabble 0.16.x (x < 6) releases

This is the same as Attachment #79847 [details], but with paths adjusted to apply to the  Wocky submodule in vulnerable telepathy-gabble 0.16.x releases. Distributors will probably want to use this one; for instance, it's what I intend to apply in Debian.
Comment 8 Simon McVittie 2013-05-28 12:38:30 UTC
Credit: thanks to Maksim Otstavnov for discovering this issue and reporting it to Debian.
Comment 9 Simon McVittie 2013-05-29 11:08:48 UTC
Created attachment 79953 [details] [review]
Add a regression test for fd.o #65036

---

Attachment #79893 [details] was an older version; I had some uncommitted changes. In attachment #79893 [details] [review] the "don't require encryption" case doesn't pass, but we test the legacy Jabber case without requiring encryption elsewhere anyway (tests/twisted/sasl/jabber_auth.py).
Comment 10 Will Thompson 2013-05-29 13:08:30 UTC
Comment on attachment 79953 [details] [review]
Add a regression test for fd.o #65036

Review of attachment 79953 [details] [review]:
-----------------------------------------------------------------

Looks good to me!
Comment 11 Simon McVittie 2013-05-29 14:59:25 UTC
Created attachment 79974 [details] [review]
NEWS: update and describe configuration changes for fd.o  #65036

---

Attachment #79891 [details] didn't make much sense to review... this is what I meant to attach.

Any opinion on this, or on Attachment #79892 [details]?
Comment 12 Will Thompson 2013-05-29 15:23:56 UTC
Comment on attachment 79892 [details] [review]
tests: fix JabberAuthenticator when self.emit_events is  False

Review of attachment 79892 [details] [review]:
-----------------------------------------------------------------

Looks fine.
Comment 13 Will Thompson 2013-05-29 15:24:12 UTC
Comment on attachment 79894 [details] [review]
patch for telepathy-gabble 0.16.x (x < 6) releases

Review of attachment 79894 [details] [review]:
-----------------------------------------------------------------

Also looks fine, obvs.
Comment 14 Will Thompson 2013-05-29 15:24:39 UTC
Comment on attachment 79974 [details] [review]
NEWS: update and describe configuration changes for fd.o  #65036

Review of attachment 79974 [details] [review]:
-----------------------------------------------------------------

Looks good.
Comment 15 Simon McVittie 2013-05-29 19:09:57 UTC
telepathy-gabble 0.16.6 is ready for upload. My plan is to release and unembargo it tomorrow.

Note for distributors: the patch you want to apply to telepathy-gabble is Attachment #79894 [details]. The rest are not necessary.

I've confirmed that Attachment #79894 [details] applies and fixes this vulnerability on telepathy-gabble 0.9.15, as shipped in Debian 6 (oldstable). I would expect that it will work on anything in between, too.
Comment 16 Simon McVittie 2013-05-30 14:55:15 UTC
Ending embargo.
Comment 17 Simon McVittie 2013-06-03 19:18:59 UTC
This was fixed in 0.16.6 and 0.17.5. Attachment #79894 [details] should fix it for other versions.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.