[General] Fw: weechat does not properly use gnutls and allow an attacker tobypass certificate verification

webdawg at gmail.com webdawg at gmail.com
Tue Mar 1 11:57:02 CST 2011 

-----Original Message-----
From: webdawg at gmail.com
Date: Tue, 1 Mar 2011 17:55:23 
To: <general at makerslocal.org>
Reply-To: webdawg at gmail.com
Subject: Fw: weechat does not properly use gnutls and allow an attacker tobypass certificate verification

I know a lot of you guys use weechat.
-----Original Message-----
From: john.doe at tapz.be
Date: Mon, 28 Feb 2011 14:05:28 
To: <bugtraq at securityfocus.com>
Subject: weechat does not properly use gnutls and allow an attacker to
 bypass certificate verification
About WeeChat:
"WeeChat is a fast, light and extensible chat client. It runs on many platforms (including Linux, BSD and Mac OS).
Development is very active, and bug fixes are very fast!"

The vuln:
Weechat does not use the GnuTLS API properly to check certificates, potentially exposing users to man-in-the-middle attacks.

Weechat registers a callback function to be called by GnuTLS during the TLS/SSL handshake. The function perform checks on the server
certificate and optionally, send a client certificate.
The mentioned code is located in src/core/wee-network.c in the network_init function:

    gnutls_certificate_client_set_retrieve_function (gnutls_xcred,
                                                     &hook_connect_gnutls_set_certificates);

Excerpt from gnutls's doc:

    gnutls_certificate_client_set_retrieve_function sets a callback to be called in order to retrieve the certificate to be used in the handshake.
    (...)
    If the callback function is provided then gnutls will call it, in the handshake, after the certificate request message has been received. 

This callback function will only be called when the server ask for a client certificate during the handshake, but weechat also use this callback
to check the server certificate.

As specified in the rfc2246 at 7.4.6., the certificate request is optionnal:

    7.4.6. Client certificate

       When this message will be sent:
           This is the first message the client can send after receiving a
           server hello done message. This message is only sent if the
           server requests a certificate.

So when the server does not request a client certificate, hook_connect_gnutls_set_certificates is never called and weechat does not
perform any check on the server certificate. It doesn't print any of the usual information about the dh key size and the content
of the server certificate either.

POC:

$ openssl genrsa -out server.key 4096
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
$ openssl dhparam -outform PEM -out dhparam.pem 4096
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697 &>./log &
$ weechat-curses ircs://127.0.0.1:6697 # will not check the certificate
$ fg
^C
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697 -verify yes &>./log2 &
$ weechat-curses ircs://127.0.0.1:6697 # will print an error because the certificate is self signed

This problem affects all versions. The maintainer has been contacted and a fix should be published. someday...
A "beta" fix is availaible here: http://savannah.nongnu.org/patch/index.php?7459

More information about the General mailing list