[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: weechat does not properly use gnutls and allow an attacker to
From: john.doe () tapz ! be
Date: 2011-02-28 21:05:28
Message-ID: 201102282105.p1SL5S6P003402 () www5 ! securityfocus ! com
[Download RAW message or body]
About WeeChat:
"WeeChat is a fast, light and extensible chat client. It runs on many platforms \
(including Linux, BSD and Mac OS). Development is very active, and bug fixes are very \
fast!"
The vuln:
Weechat does not use the GnuTLS API properly to check certificates, potentially \
exposing users to man-in-the-middle attacks.
Weechat registers a callback function to be called by GnuTLS during the TLS/SSL \
handshake. The function perform checks on the server certificate and optionally, send \
a client certificate. The mentioned code is located in src/core/wee-network.c in the \
network_init function:
gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
\
&hook_connect_gnutls_set_certificates);
Excerpt from gnutls's doc:
gnutls_certificate_client_set_retrieve_function sets a callback to be called in \
order to retrieve the certificate to be used in the handshake. (...)
If the callback function is provided then gnutls will call it, in the handshake, \
after the certificate request message has been received.
This callback function will only be called when the server ask for a client \
certificate during the handshake, but weechat also use this callback to check the \
server certificate.
As specified in the rfc2246 at 7.4.6., the certificate request is optionnal:
7.4.6. Client certificate
When this message will be sent:
This is the first message the client can send after receiving a
server hello done message. This message is only sent if the
server requests a certificate.
So when the server does not request a client certificate, \
hook_connect_gnutls_set_certificates is never called and weechat does not perform any \
check on the server certificate. It doesn't print any of the usual information about \
the dh key size and the content of the server certificate either.
POC:
$ openssl genrsa -out server.key 4096
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
$ openssl dhparam -outform PEM -out dhparam.pem 4096
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697 \
&>./log & $ weechat-curses ircs://127.0.0.1:6697 # will not check the certificate
$ fg
^C
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697 \
-verify yes &>./log2 & $ weechat-curses ircs://127.0.0.1:6697 # will print an error \
because the certificate is self signed
This problem affects all versions. The maintainer has been contacted and a fix should \
be published. someday... A "beta" fix is availaible here: \
http://savannah.nongnu.org/patch/index.php?7459
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic