Changes between Initial Version and Version 2 of Ticket #24245


Timestamp: Dec 1, 2017, 2:00:04 PM (2 weeks ago)
Author: nickm
Comment:

This issue is fixed in today's security releases.

  • Ticket #24245

    • Property Status changed from new to closed
    • Property Summary changed from Fix TROVE-2017-010 to Fix TROVE-2017-010: Remote DoS attack against directory authorities
    • Property Milestone changed from Tor: 0.3.3.x-final to Tor: 0.2.9.x-final
    • Property Owner set to nickm
    • Property Resolution changed from to fixed
  • Ticket #24245 – Description

    {{{
    TROVE-2017-010: Remote DoS attack against directory authorities

    SEVERITY: Medium

    ALSO TRACKED AS: CVE-2017-8820

    SUMMARY:

      If an attacker uploads a malformed descriptor to a directory
      authority, lacking a protocol line and not claiming any particular
      Tor compatibility, the authority will crash when it tries to vote.

    THE PROBLEM:

      An attacker who sends a malformatted descriptor to a directory
      authority can make that directory authority crash by reading a null
      pointer.

      The problematic code was introduced in 0.2.9.4-alpha, with the rest
      of the subprotocols system.

    FIX:

      All directory authorities should upgrade to one of the releases with
      a fix for this issue: 0.2.9.14, 0.3.0.13, 0.3.1.9, or 0.3.2.6-alpha.

    }}}
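
The failure mode described in the advisory, as an added example that is not Tor's code and not part of the ticket: a simplified model of a vote-time protocol lookup where both the protocol line and the claimed version are optional, with the unchecked fallback beside a NULL-safe one. The struct, the function names, the `Example=` protocol strings and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified parsed descriptor; not Tor's own structure. */
typedef struct {
    const char *protocol_list; /* NULL: descriptor carried no protocol line */
    const char *version;       /* NULL: descriptor claimed no Tor version   */
} relay_desc_t;

/* "Before" pattern: fallback that assumes a version string is always present.
 * Shown for comparison only and never called below. */
const char *legacy_protocols_unchecked(const char *version) {
    /* strncmp() reads through version, so version == NULL is a null read. */
    return strncmp(version, "0.2.", 4) == 0 ? "Example=1" : "Example=1-2";
}

/* Hardened fallback: a missing version yields an empty protocol list.
 * The "Example=" strings are constructed placeholders, not real subprotocols. */
const char *legacy_protocols(const char *version) {
    if (version == NULL)
        return "";
    return strncmp(version, "0.2.", 4) == 0 ? "Example=1" : "Example=1-2";
}

/* Pick the protocol string to put in the vote for this relay. */
const char *protocols_for_vote(const relay_desc_t *rd) {
    if (rd->protocol_list != NULL)
        return rd->protocol_list;          /* explicit protocol line wins */
    return legacy_protocols(rd->version);  /* otherwise infer, NULL-safe  */
}

int main(void) {
    /* Constructed inputs: the malformed case from the advisory, then two
     * well-formed descriptors. */
    relay_desc_t cases[] = {
        { NULL, NULL },
        { "Example=1-3", "0.3.1.9" },
        { NULL, "0.2.8.0" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("case %zu -> \"%s\"\n", i, protocols_for_vote(&cases[i]));
    return 0;
}
```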