diff --git a/_alerts/2015-10-12-upnp-vulnerability.md b/_alerts/2015-10-12-upnp-vulnerability.md new file mode 100644 index 00000000..cae4d65f --- /dev/null +++ b/_alerts/2015-10-12-upnp-vulnerability.md 
@@ -0,0 +1,65 @@ +--- +## This file is licensed under the MIT License (MIT) available on +## http://opensource.org/licenses/MIT. + +title: "Vulnerability in UPnP library used by Bitcoin Core" +shorturl: "upnp-vulnerability" +active: true +banner: "WARNING: serious vulnerability in UPnP library used by Bitcoin Core (click here to read)" +bannerclass: "alert" +--- + +## Summary + +![Disabling UPnP in the GUI](/img/alerts/disable_upnp.png) + +Either + +- turn off the checkbox in the GUI under Options → Network → Map port using UPNP (see above) +- add the line `upnp=0` to your `bitcoin.conf` file +- add `-upnp=0` to the command line options + +Also upgrade to a version of Bitcoin Core at least 0.10.3 or 0.11.1 when they +are released (the release cycle is in progress). These versions upgrade the +library to a non-vulnerable version, as well as disable UPnP by default to +prevent this problem in the future. + +## Details + +Version before 1.9.20151008 of the miniupnpc library are vulnerable to a buffer +overflow in the XML parser during initial network discovery. The +vulnerable code triggers at startup of Bitcoin Core if UPnP is enabled. + +Details of the vulnerability can be found here: + +It has been verified that the vulnerability can be used to crash the +application at startup by running a malicious UPnP server on the local +network. + +To have more connectable nodes, the Bitcoin Core executables distributed by +bitcoin.org include the miniupnpc library and have always had UPnP +functionality enabled by default, to forward the P2P port. + +This applies to the distributed executables only, not those built from source or +from distribution provided packages. Self-built executables have UPnP disabled +by default, unless `--enable-upnp-default` was provided to the configure script. + +Releases starting from 0.10.3 and 0.11.1, and the upcoming 0.12.0 will still ship +with (a patched version) of the library, but no longer enable the functionality by default. 
+ +## Mitigation + +Bitcoin Core executables are compiled with Address Space Layout Randomization (ASLR), +Stack Smashing Protection (SSP), and non-executable stack and heap (DEP) enabled. This +makes it harder to use this vulnerability for remote code execution or private +key leaks. However, it is still advised to upgrade, or if not possible, disable +UPnP as soon as possible. + +## Manual Port Forwarding + +With UPnP turned off, your node will still connect to 8 other peers on +the Bitcoin network to receive new blocks and transactions. However, it +will not accept incomming connections from other peers unless you +manually enable port forwarding on your router. If you wish to do +that---it isn't required---please [follow these +instructions](/en/full-node#network-configuration). diff --git a/img/alerts/disable_upnp.png b/img/alerts/disable_upnp.png new file mode 100644 index 00000000..d069d7e0 Binary files /dev/null and b/img/alerts/disable_upnp.png differ
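Review bot: In the Details section, the sentence "Details of the vulnerability can be found here:" ends in a colon with nothing after it, so the alert would be published without the reference it promises; add the advisory link or drop the sentence. The Summary opens with "Either" and goes straight into the list without first saying what the reader is being asked to do; a lead sentence stating that UPnP should be disabled, followed by the three alternatives, would make the banner landing page clearer. Smaller wording fixes in the same hunk: "Version before 1.9.20151008" should read "Versions before", "incomming" should be "incoming", "(a patched version) of the library" has its closing parenthesis misplaced, and the GUI option is written "UPNP" while the rest of the file uses "UPnP", so check it against the actual label.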