Opened 4 weeks ago

Closed 2 weeks ago

#24333 closed defect (fixed)

Fix TROVE-2017-012: Relays can pick themselves in a circuit path

Reported by: teor
Owned by:
Priority: Medium
Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: trove-2017-011
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by nickm)

Ticket for medium severity issue TROVE-2017-012

See https://trac.torproject.org/projects/tor/wiki/TROVE

TROVE-2017-012: Relays can pick themselves in a circuit path

SEVERITY: Medium

ALSO TRACKED AS: CVE-2017-8822

DESCRIPTION

    A relay can open circuits for reachability purposes, preemptive
    Exit circuits or possible onion service client usage. If a relay
    doesn't have the descriptors of all the relays in the network, it
    is possible for the relay to pick itself in a circuit path like so
    (R1: Relay, G: Guard, E: Exit):

        R1 -> G -> R1 -> E

    This leads to a log warning on the Guard node and the circuit
    being closed immediately because tor doesn't allow extending to
    the previous node.

    Furthermore, a relay can also pick itself as a primary guard,
    leading to it being unable to open any circuits for a while, until
    enough failures have been recorded and the guard is switched.

    This can only happen if the relay doesn't have all descriptors
    downloaded yet, and if it considers itself in the consensus.

    This affects versions >= 0.2.0.x, which is basically every
    relay on the network.

MITIGATION NOTES:

    1. If you are using tor but it is not configured as a relay, this
       doesn't affect you.

    2. This can have anonymity consequences if you are running an
       onion service and a relay at the same time on the same tor
       instance. It is something we do NOT recommend in the first
       place, so: avoid doing this.

ACKNOWLEDGMENTS:

   Thanks to the Tor network team members who tracked this down!

FIX:

   Everyone affected should upgrade to one of the releases with the fix
   for this issue: 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, or
   0.3.2.6-alpha.
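
The failure mode described above, as an added illustration that is neither Tor's code nor the patch shipped in these releases: a simplified C model of hop selection that excludes the relay's own identity digest at every position, guard included, regardless of which descriptors are cached. `relay_t`, `build_path`, `path_has_id` and the sample consensus are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_LEN 20   /* identity digest length in this model */
#define PATH_LEN 3  /* guard -> middle -> exit */
/* Hypothetical, simplified consensus entry; not Tor's own node structure. */
typedef struct { uint8_t id[ID_LEN]; int is_guard, is_exit; } relay_t;

/* Constructed sample consensus; this relay is the entry whose id starts 1. */
const relay_t SAMPLE_NET[] = { {{1}, 1, 1}, {{2}, 1, 0}, {{3}, 0, 0},
                               {{4}, 0, 1}, {{5}, 1, 1}, {{6}, 0, 1}, {{7}, 0, 1} };
const uint8_t SAMPLE_MY_ID[ID_LEN] = {1};

/* Return 1 if id appears among the first n hops of path. */
static int path_has_id(const relay_t *const *path, size_t n, const uint8_t *id) {
    for (size_t i = 0; i < n; i++)
        if (memcmp(path[i]->id, id, ID_LEN) == 0) return 1;
    return 0;
}

/* Pick PATH_LEN distinct hops, filtering our own identity by digest so the
 * check does not depend on which descriptors are cached. Returns 0, or -1
 * when some hop has no eligible relay. seed drives a toy LCG, not a CSPRNG. */
int build_path(const relay_t *net, size_t n_net, const uint8_t *my_id,
               uint32_t seed, const relay_t *path[PATH_LEN]) {
    for (size_t hop = 0; hop < PATH_LEN; hop++) {
        const relay_t *ok[64]; size_t n_ok = 0;
        for (size_t i = 0; i < n_net && n_ok < 64; i++) {
            const relay_t *r = &net[i];
            if (memcmp(r->id, my_id, ID_LEN) == 0) continue;  /* never ourselves */
            if (path_has_id(path, hop, r->id)) continue;      /* no repeated hop */
            if (hop == 0 && !r->is_guard) continue;
            if (hop == PATH_LEN - 1 && !r->is_exit) continue;
            ok[n_ok++] = r;
        }
        if (n_ok == 0) return -1;
        seed = seed * 1664525u + 1013904223u;
        path[hop] = ok[(seed >> 8) % n_ok];
    }
    return 0;
}

int main(void) {
    const relay_t *p[PATH_LEN];
    if (build_path(SAMPLE_NET, 7, SAMPLE_MY_ID, 42, p) != 0) return 1;
    printf("path: %d -> %d -> %d\n", p[0]->id[0], p[1]->id[0], p[2]->id[0]);
    return 0;
}
```

When the only candidate for a hop is the relay itself, `build_path` fails with -1 instead of falling back to a self-referencing path.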

Change History (1)

comment:1 Changed 2 weeks ago by nickm

Description: modified (diff)
Resolution: fixed
Status: new → closed
Summary: Fix TROVE-2017-012 → Fix TROVE-2017-012: Relays can pick themselves in a circuit path

Fixed in today's security releases.