Opened 5 weeks ago

Closed 12 days ago

#24245 closed defect (fixed)

Fix TROVE-2017-010: Remote DoS attack against directory authorities

Reported by: nickm
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor
Severity: Normal
Keywords: trove-2017-010

Description (last modified by nickm)

TROVE-2017-010: Remote DoS attack against directory authorities

SEVERITY: Medium

ALSO TRACKED AS: CVE-2017-8820

SUMMARY:

  If an attacker uploads a malformed descriptor to a directory
  authority, lacking a protocol line and not claiming any particular
  Tor compatibility, the authority will crash when it tries to vote.

THE PROBLEM:

  An attacker who sends a malformatted descriptor to a directory
  authority can make that directory authority crash by reading a null
  pointer.

  The problematic code was introduced in 0.2.9.4-alpha, with the rest
  of the subprotocols system.

FIX:

  All directory authorities should upgrade to one of the releases with
  a fix for this issue: 0.2.9.14, 0.3.0.13, 0.3.1.9, or 0.3.2.6-alpha.
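
The release list above can be turned into a version check for an operator's inventory. This is an added example, not code from the ticket or from the Tor project; the function names and the sample inventory are constructed for illustration. It assumes status tags such as `-alpha` do not affect ordering within a series, and it reports series the advisory does not mention as "not listed" rather than guessing.

```python
import re

# Patch level carrying the fix in each release series, as listed in the advisory.
FIXED_PATCH = {(0, 2, 9): 14, (0, 3, 0): 13, (0, 3, 1): 9, (0, 3, 2): 6}
# The advisory says the problematic code was introduced in 0.2.9.4-alpha.
INTRODUCED = (0, 2, 9, 4)

# Four dotted numeric fields, optionally followed by a status tag (e.g. -alpha).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(-[A-Za-z0-9.-]+)?")


def parse_version(text):
    """Return the four numeric fields of a Tor version string as a tuple."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Tor version: {text!r}")
    return tuple(int(field) for field in match.groups()[:4])


def classify(text):
    """Classify a version against the advisory's introduced/fixed releases."""
    version = parse_version(text)
    if version < INTRODUCED:
        return "not affected"  # predates the subprotocols code
    series, patch = version[:3], version[3]
    if series not in FIXED_PATCH:
        return "not listed"  # series not named in the advisory
    return "fixed" if patch >= FIXED_PATCH[series] else "vulnerable"


def needs_upgrade(inventory):
    """Return the names of hosts whose version is classified as vulnerable."""
    return sorted(name for name, ver in inventory.items()
                  if classify(ver) == "vulnerable")


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "auth-a": "0.2.9.13",
    "auth-b": "0.3.1.9",
    "auth-c": "0.3.2.5-alpha",
    "auth-d": "0.2.8.17",
}

if __name__ == "__main__":
    for name, ver in sorted(SAMPLE_INVENTORY.items()):
        print(f"{name}: {ver}: {classify(ver)}")
    print("upgrade:", ", ".join(needs_upgrade(SAMPLE_INVENTORY)))
```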

Change History (2)

comment:1 Changed 5 weeks ago by nickm

Owner: set to nickm
Status: new → accepted

comment:2 Changed 12 days ago by nickm

Description: modified
Milestone: Tor: 0.3.3.x-final → Tor: 0.2.9.x-final
Resolution: fixed
Status: accepted → closed
Summary: Fix TROVE-2017-010 → Fix TROVE-2017-010: Remote DoS attack against directory authorities

This issue is fixed in today's security releases.
