add warning about UPnP vulnerability

Wladimir J. van der Laan 2015-10-12 13:56:56 +02:00
parent 29ca419f57
commit 68586b6a69
2 changed files with 54 additions and 0 deletions


@ -0,0 +1,54 @@
---
## This file is licensed under the MIT License (MIT) available on
## http://opensource.org/licenses/MIT.
title: "Vulnerability in UPnP library used by Bitcoin Core"
shorturl: "upnp-vulnerability"
active: true
#banner: "WARNING: serious vulnerability in UPnP library used by Bitcoin Core (click here to read)"
bannerclass: "alert"
---
## Summary
![Disabling UPnP in the GUI](disable_upnp.png)
Either
- turn off the checkbox in the GUI under Options → Network → Map port using UPNP (see above)
- add `-upnp=0` to the command line options
- add the line `upnp=0` to your `bitcoin.conf` file
Alternatively, upgrade to a version of Bitcoin Core at least 0.10.3 or 0.11.1.
These versions upgrade the library to a non-vulnerable version, as well as have
upnp disabled by default to prevent this problem in the future.
## Details
Version before 1.9.20151008 of the miniupnpc library are vulnerable to a buffer
overflow in the XML parser during initial network discovery. The
vulnerable code triggers at startup of Bitcoin Core if upnp is enabled.
Details of the vulnerability can be found here: http://talosintel.com/reports/TALOS-2015-0035/
It has been verified that the vulnerability can be used to crash the application at startup.
To have more connectable nodes, the Bitcoin Core executables distributed by
bitcoin.org include the library and have always had UPnP functionality enabled
by default.
This applies to the distributed executables only, not when building from source or
using distribution provided packages. Self-built executables have UPnP disabled
by default, unless `--enable-upnp-default` was provided to the configure script.
Releases starting from 0.10.3 and 0.11.1, and the upcoming 0.12.0 will still ship
with (a patched version) of the library, but no longer enable the functionality by default.
## Mitigation
Bitcoin Core executables are compiled with Address Space Layout Randomization (ASLR),
Stack Smashing Protection (SSP), and non-executable stack and heap (DEP) enabled. This
makes it harder to use this vulnerability for remote code execution or private
key leaks. However, it is still advised to upgrade, or if not possible, disable
UPnP as soon as possible.
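
Review bot: The `## Summary` section opens directly with the workarounds ("Either" followed by three bullets) and never says what the problem is or who is affected. A reader who only reads the summary cannot tell that the scope is the bitcoin.org-distributed executables, where UPnP is enabled by default; that only appears under `## Details`. Suggest one sentence at the top of the summary naming the miniupnpc buffer overflow and the affected builds, then the workarounds, then the upgrade advice. In the front matter, `active: true` and `bannerclass: "alert"` are set while the banner text is commented out as `#banner:`; if that is deliberate (page published, banner held back), a short comment saying so would help the next editor. Minor wording: "Version before 1.9.20151008" should read "Versions before", and the spelling varies between "UPNP", "upnp" and "UPnP" in running text; use "UPnP" except inside the literal options `-upnp=0` and `upnp=0`.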

BIN
_alerts/disable_upnp.png Normal file

Binary file not shown.
