'weechat does not properly use gnutls and allow an attacker to'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    weechat does not properly use gnutls and allow an attacker to
From:       john.doe () tapz ! be
Date:       2011-02-28 21:05:28
Message-ID: 201102282105.p1SL5S6P003402 () www5 ! securityfocus ! com
[Download RAW message or body]

About WeeChat:
"WeeChat is a fast, light and extensible chat client. It runs on many platforms \
(including Linux, BSD and Mac OS). Development is very active, and bug fixes are very \
fast!"

The vuln:
Weechat does not use the GnuTLS API properly to check certificates, potentially \
exposing users to man-in-the-middle attacks.

Weechat registers a callback function to be called by GnuTLS during the TLS/SSL \
handshake. The function perform checks on the server certificate and optionally, send \
a client certificate. The mentioned code is located in src/core/wee-network.c in the \
network_init function:

    gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
                                                     \
&hook_connect_gnutls_set_certificates);

Excerpt from gnutls's doc:

    gnutls_certificate_client_set_retrieve_function sets a callback to be called in \
order to retrieve the certificate to be used in the handshake.  (...)
    If the callback function is provided then gnutls will call it, in the handshake, \
after the certificate request message has been received. 

This callback function will only be called when the server ask for a client \
certificate during the handshake, but weechat also use this callback to check the \
server certificate.

As specified in the rfc2246 at 7.4.6., the certificate request is optionnal:

    7.4.6. Client certificate

       When this message will be sent:
           This is the first message the client can send after receiving a
           server hello done message. This message is only sent if the
           server requests a certificate.

So when the server does not request a client certificate, \
hook_connect_gnutls_set_certificates is never called and weechat does not perform any \
check on the server certificate. It doesn't print any of the usual information about \
the dh key size and the content of the server certificate either.

POC:

$ openssl genrsa -out server.key 4096
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
$ openssl dhparam -outform PEM -out dhparam.pem 4096
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697 \
&>./log & $ weechat-curses ircs://127.0.0.1:6697 # will not check the certificate
$ fg
^C
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697 \
-verify yes &>./log2 & $ weechat-curses ircs://127.0.0.1:6697 # will print an error \
because the certificate is self signed

This problem affects all versions. The maintainer has been contacted and a fix should \
be published. someday... A "beta" fix is availaible here: \
http://savannah.nongnu.org/patch/index.php?7459


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic