Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- 3.0-beta4
- None
- Environment: centos6/7/windows openjdk8/jdk8 jboss eap6.4.2
Description
Security issue described by this post:
Plaintext command injection in multiple implementations of STARTTLS
http://www.postfix.org/CVE-2011-0411.html
Here you will find a Dockerfile to run a patched OpenSSL, as described in the previous link, to see the security issue.
```dockerfile
FROM centos:latest

### Some env variables
ENV OPENSSL_VERSION="1.0.2d"

### Install tools for compiling
RUN yum clean all \
 && yum -y update \
 && yum -y install gcc \
 && yum -y install make \
 && yum -y install wget \
 && yum -y install tar \
 && yum -y install perl \
 && yum clean all

### BUILD OpenSSL
RUN wget "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" -P /tmp/ \
 && tar -xvf /tmp/openssl-${OPENSSL_VERSION}.tar.gz \
 && rm -rf /tmp/openssl-${OPENSSL_VERSION}.tar.gz

# Patch s_client so that it sends a plaintext RSET in the same segment as STARTTLS
RUN sed -i -e 's/BIO_printf(sbio, "STARTTLS\\r\\n")/BIO_printf(sbio, "STARTTLS\\r\\nRSET\\r\\n")/g' openssl-${OPENSSL_VERSION}/apps/s_client.c

RUN cd openssl-${OPENSSL_VERSION} \
 && ./Configure linux-x86_64 \
 && make \
 && make install \
 && cd .. \
 && rm -rf openssl-${OPENSSL_VERSION}

############
# run this command in container :
# /usr/local/ssl/bin/openssl s_client -quiet -starttls smtp -connect {replace with your james listen address}:{replace with your james listen port}
```
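As an added example, not code from this ticket or from Apache James: a small Python model of the server side of the exchange that the patched s_client above drives. It feeds one constructed plaintext read containing STARTTLS followed by RSET to two versions of a per-connection input handler: one that keeps whatever is left in its read buffer across the TLS handshake (the vulnerable pattern behind CVE-2011-0411) and one that discards those bytes and records an audit event. The class, function and host names are assumptions made for the illustration.

```python
# Added example (not Apache James code): why an SMTP server must discard any
# plaintext bytes still buffered when it accepts STARTTLS. Names and traffic
# below are constructed for the illustration.

from dataclasses import dataclass, field


@dataclass
class SmtpServerSession:
    discard_on_starttls: bool                  # True models the hardened server
    buffer: bytes = b""                        # read from the socket, not yet parsed
    plaintext_pending: int = 0                 # leading buffer bytes received before TLS
    tls_active: bool = False                   # what the server believes about the transport
    executed: list = field(default_factory=list)  # (command, believed_over_tls, arrived_plaintext)
    events: list = field(default_factory=list)    # audit log

    def feed(self, data: bytes) -> None:
        """Simulate one read() from the socket followed by line-based parsing."""
        self.buffer += data
        if not self.tls_active:
            self.plaintext_pending += len(data)
        while b"\r\n" in self.buffer:
            line, sep, self.buffer = self.buffer.partition(b"\r\n")
            consumed = len(line) + len(sep)
            arrived_plaintext = self.plaintext_pending > 0
            self.plaintext_pending = max(0, self.plaintext_pending - consumed)
            self._dispatch(line.decode("ascii", "replace").strip(), arrived_plaintext)

    def _dispatch(self, line: str, arrived_plaintext: bool) -> None:
        command = line.split(" ", 1)[0].upper()
        # The server records the transport it *believes* the command used.
        self.executed.append((command, self.tls_active, arrived_plaintext))
        if command == "STARTTLS" and not self.tls_active:
            self._start_tls()

    def _start_tls(self) -> None:
        # Whatever is still buffered was received in plaintext, before the
        # handshake, so it cannot be attributed to the authenticated peer.
        if self.buffer:
            if self.discard_on_starttls:
                self.events.append(
                    f"discarded {len(self.buffer)} plaintext byte(s) pipelined after STARTTLS")
                self.buffer = b""
                self.plaintext_pending = 0
            else:
                self.events.append(
                    f"WARNING: {len(self.buffer)} plaintext byte(s) kept across the TLS handshake")
        # A real server would perform the TLS handshake on the socket here.
        self.tls_active = True


def replay(discard_on_starttls: bool) -> SmtpServerSession:
    """Replay the probe from the ticket against one server model.

    Constructed traffic: STARTTLS and an extra RSET arrive in a single
    plaintext segment (what the patched s_client sends); once TLS is up,
    the client sends a normal EHLO.
    """
    session = SmtpServerSession(discard_on_starttls=discard_on_starttls)
    session.feed(b"STARTTLS\r\nRSET\r\n")          # one plaintext read
    session.feed(b"EHLO mail.example.test\r\n")   # first read after the handshake
    return session


def injected_commands(session: SmtpServerSession) -> list:
    """Commands executed as if they came over TLS although they arrived in
    the plaintext segment that carried STARTTLS."""
    return [cmd for cmd, believed_tls, plain in session.executed if believed_tls and plain]


if __name__ == "__main__":
    for hardened in (False, True):
        s = replay(discard_on_starttls=hardened)
        print("hardened" if hardened else "vulnerable", s.executed, s.events,
              "injected:", injected_commands(s))
```

The vulnerable model executes RSET after the handshake and attributes it to the TLS peer; the hardened model executes only STARTTLS and EHLO and leaves a log line that a detection rule can alert on, since legitimate clients never pipeline commands after STARTTLS.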