[Alpine-info] Security Issue in Alpine 2.22

Eduardo Chappa alpine.chappa at yandex.com
Thu Jun 18 02:41:29 PDT 2020


Dear Alpine users,

the following security issue was reported about Alpine:

Alpine can be configured to start a secure connection using /tls on
an insecure connection. However, if the connection is PREAUTH,
Alpine will not upgrade the connection to a secure connection,
because a client must not issue a STARTTLS to a server that supports
it, while in authenticated state. This makes Alpine continue to use
an insecure connection with the server, exposing user data. Reported
by Damian Poddebniak and Fabian Ising from Münster University of
Applied Sciences.

This issue affects all versions of Alpine. As a result, when Alpine finds
a server that supports STARTTLS for which a PREAUTH connection has been
established, Alpine will close the connection and let the user decide how
to proceed. In this case, in order to establish a connection, the user will
have to remove /tls from the server, but this implies that the connection
will be insecure, as configured. RFC 3501 does not allow a client to use
STARTTLS in authenticated state, nor would a server accept it, so it is
not possible to upgrade the connection in this situation either.

The attached patch can be applied on any version of Alpine to clear this
bug. The modification is already included in the git repository, and will
be released officially in version 2.23, to be released soon.

Thank you.

--
Eduardo
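
The greeting check described in the message above, as an added example that is not part of the original message or of Alpine's code. The names `decide`, `has_atom`, `tls_action` and `require_tls` are hypothetical, the greetings are constructed, and the policy goes one step beyond the case in the message: with /tls set it refuses a PREAUTH greeting whether or not STARTTLS is advertised.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* What the client should do next with the cleartext connection. */
typedef enum { PROCEED_PLAIN, DO_STARTTLS, ABORT_INSECURE } tls_action;

/* Case-insensitive whole-atom match in a space-separated capability list. */
static int has_atom(const char *list, const char *atom) {
    size_t n = strlen(atom);
    const char *p = list;
    while (*p) {
        while (*p == ' ' || *p == '[') p++;
        size_t len = strcspn(p, " ]\r\n");
        if (len == n && strncasecmp(p, atom, n) == 0) return 1;
        p += len;
        if (*p) p++;
    }
    return 0;
}

/* require_tls models the user's /tls setting (assumed: "must be encrypted"). */
tls_action decide(const char *greeting, const char *caps, int require_tls) {
    int preauth = strncasecmp(greeting, "* PREAUTH", 9) == 0
                  && (greeting[9] == ' ' || greeting[9] == '\0');
    int starttls = has_atom(caps, "STARTTLS");
    if (!require_tls)               /* opportunistic: upgrade only if possible */
        return (!preauth && starttls) ? DO_STARTTLS : PROCEED_PLAIN;
    if (preauth)                    /* RFC 3501: no STARTTLS once authenticated */
        return ABORT_INSECURE;      /* fail closed, whatever caps claims */
    return starttls ? DO_STARTTLS : ABORT_INSECURE;
}

int main(void) {
    /* Constructed sample greetings and capability lists. */
    static const char *names[] = { "proceed-plain", "starttls", "abort" };
    const char *g[][2] = {
        { "* PREAUTH ready", "IMAP4rev1 STARTTLS" },
        { "* PREAUTH ready", "IMAP4rev1" },
        { "* OK ready", "IMAP4rev1 STARTTLS LOGINDISABLED" },
        { "* OK ready", "IMAP4rev1" },
    };
    for (size_t i = 0; i < sizeof g / sizeof g[0]; i++)
        printf("%-16s caps=%-34s -> %s\n", g[i][0], g[i][1],
               names[decide(g[i][0], g[i][1], 1)]);
    return 0;
}
```
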
-------------- next part --------------
diff --git a/imap/src/c-client/imap4r1.c b/imap/src/c-client/imap4r1.c
index 2233da6..4991f85 100644
--- a/imap/src/c-client/imap4r1.c
+++ b/imap/src/c-client/imap4r1.c
@@ -891,6 +891,16 @@ MAILSTREAM *imap_open (MAILSTREAM *stream)
return NIL; /* lost during greeting */
}

+ /* STARTTLS is not allowed in PREAUTH state */
+ if (LOCAL->netstream && !strcmp (reply->key,"PREAUTH")){
+ sslstart_t stls = (sslstart_t) mail_parameters (NIL,GET_SSLSTART,NIL);
+ if (!LOCAL->gotcapability) imap_capability (stream);
+ if (LOCAL->netstream
+ && stls && LOCAL->cap.starttls && !mb.sslflag && !mb.notlsflag && mb.tlsflag){
+ mm_log("STARTTLS not allowed on PREAUTH state. Closing Connection", ERROR);
+ return NIL;
+ }
+ }
/* if connected and not preauthenticated */
if (LOCAL->netstream && strcmp (reply->key,"PREAUTH")) {
sslstart_t stls = (sslstart_t) mail_parameters (NIL,GET_SSLSTART,NIL);
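
Review bot: The close-on-PREAUTH path in the added block only fires when `LOCAL->cap.starttls` is set, and that flag is filled by `imap_capability (stream)` over the connection that has not been upgraded yet. With `mb.tlsflag` set and a PREAUTH greeting from a server that does not advertise STARTTLS, the inner condition is false, and the block that follows is skipped as well because it is guarded by `strcmp (reply->key,"PREAUTH")` being nonzero, so nothing in these lines stops the session from continuing in cleartext. Consider dropping `LOCAL->cap.starttls` from the condition so that `mb.tlsflag` together with PREAUTH always returns NIL, and add a short comment on why `LOCAL->netstream` is tested again after the capability call.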

