Vigil@nce: fetchmail, obtaining HTTP headers
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who can control HTTPS connections of fetchmail and
which has a sufficient bandwidth, can use several SSL sessions in
order to compute HTTP headers.
– Impacted products: MES, Mandriva Linux, Unix (platform)
– Severity: 1/4
– Creation date: 03/09/2012
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-11014 (https://vigilance.fr/tree/1/11014)
describes a vulnerability of OpenSSL which can be used by an
attacker to obtain HTTPS cookies.
This vulnerability is corrected in recent versions of OpenSSL,
however fetchmail uses the SSL_OP_ALL bitmask which disables this
protection.
An attacker, who can control HTTPS connections of fetchmail and
which has a sufficient bandwidth, can therefore use several SSL
sessions in order to compute HTTP headers.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/fetchmail-obtaining-HTTP-headers-11913