mirror of
https://github.com/seigler/dash-docs
synced 2025-07-27 01:36:13 +00:00
add warning about UPnP vulnerability
This commit is contained in:
Wladimir J. van der Laan
parent
29ca419f57
commit
68586b6a69
2 changed files with 54 additions and 0 deletions
54
_alerts/2015-10-12-upnp-vulnerability.md
Normal file
54
_alerts/2015-10-12-upnp-vulnerability.md
Normal file
|
|
@ -0,0 +1,54 @@
|
||||||
|
---
|
||||||
|
## This file is licensed under the MIT License (MIT) available on
|
||||||
|
## http://opensource.org/licenses/MIT.
|
||||||
|
|
||||||
|
title: "Vulnerability in UPnP library used by Bitcoin Core"
|
||||||
|
shorturl: "upnp-vulnerability"
|
||||||
|
active: true
|
||||||
|
#banner: "WARNING: serious vulnerability in UPnP library used by Bitcoin Core (click here to read)"
|
||||||
|
bannerclass: "alert"
|
||||||
|
---
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Either
|
||||||
|
|
||||||
|
- turn off the checkbox in the GUI under Options → Network → Map port using UPNP (see above)
|
||||||
|
- add `-upnp=0` to the command line options
|
||||||
|
- add the line `upnp=0` to your `bitcoin.conf` file
|
||||||
|
|
||||||
|
Alternatively, upgrade to a version of Bitcoin Core at least 0.10.3 or 0.11.1.
|
||||||
|
These versions upgrade the library to a non-vulnerable version, as well as have
|
||||||
|
upnp disabled by default to prevent this problem in the future.
|
||||||
|
|
||||||
|
## Details
|
||||||
|
|
||||||
|
Version before 1.9.20151008 of the miniupnpc library are vulnerable to a buffer
|
||||||
|
overflow in the XML parser during initial network discovery. The
|
||||||
|
vulnerable code triggers at startup of Bitcoin Core if upnp is enabled.
|
||||||
|
|
||||||
|
Details of the vulnerability can be found here: http://talosintel.com/reports/TALOS-2015-0035/
|
||||||
|
|
||||||
|
It has been verified that the vulnerability can be used to crash the application at startup.
|
||||||
|
|
||||||
|
To have more connectable nodes, the Bitcoin Core executables distributed by
|
||||||
|
bitcoin.org include the library and have always had UPnP functionality enabled
|
||||||
|
by default.
|
||||||
|
|
||||||
|
This applies to the distributed executables only, not when building from source or
|
||||||
|
using distribution provided packages. Self-built executables have UPnP disabled
|
||||||
|
by default, unless `--enable-upnp-default` was provided to the configure script.
|
||||||
|
|
||||||
|
Releases starting from 0.10.3 and 0.11.1, and the upcoming 0.12.0 will still ship
|
||||||
|
with (a patched version) of the library, but no longer enable the functionality by default.
|
||||||
|
|
||||||
|
## Mitigation
|
||||||
|
|
||||||
|
Bitcoin Core executables are compiled with Address Space Layout Randomization (ASLR),
|
||||||
|
Stack Smashing Protection (SSP), and non-executable stack and heap (DEP) enabled. This
|
||||||
|
makes it harder to use this vulnerability for remote code execution or private
|
||||||
|
key leaks. However, it is still advised to upgrade, or if not possible, disable
|
||||||
|
UPnP as soon as possible.
|
||||||
|
|
||||||
BIN
_alerts/disable_upnp.png
Normal file
BIN
_alerts/disable_upnp.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 18 KiB |
Loading…
Add table
Add a link
Reference in a new issue