mirror of
https://github.com/seigler/dash-docs
synced 2025-07-28 10:16:15 +00:00
Merge pull #1086: add warning about UPnP vulnerability
This commit is contained in:
David A. Harding
commit
d5522ac9e1
2 changed files with 65 additions and 0 deletions
65
_alerts/2015-10-12-upnp-vulnerability.md
Normal file
65
_alerts/2015-10-12-upnp-vulnerability.md
Normal file
|
|
@ -0,0 +1,65 @@
|
||||||
|
---
|
||||||
|
## This file is licensed under the MIT License (MIT) available on
|
||||||
|
## http://opensource.org/licenses/MIT.
|
||||||
|
|
||||||
|
title: "Vulnerability in UPnP library used by Bitcoin Core"
|
||||||
|
shorturl: "upnp-vulnerability"
|
||||||
|
active: true
|
||||||
|
banner: "WARNING: serious vulnerability in UPnP library used by Bitcoin Core (click here to read)"
|
||||||
|
bannerclass: "alert"
|
||||||
|
---
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Either
|
||||||
|
|
||||||
|
- turn off the checkbox in the GUI under Options → Network → Map port using UPNP (see above)
|
||||||
|
- add the line `upnp=0` to your `bitcoin.conf` file
|
||||||
|
- add `-upnp=0` to the command line options
|
||||||
|
|
||||||
|
Also upgrade to a version of Bitcoin Core at least 0.10.3 or 0.11.1 when they
|
||||||
|
are released (the release cycle is in progress). These versions upgrade the
|
||||||
|
library to a non-vulnerable version, as well as disable UPnP by default to
|
||||||
|
prevent this problem in the future.
|
||||||
|
|
||||||
|
## Details
|
||||||
|
|
||||||
|
Version before 1.9.20151008 of the miniupnpc library are vulnerable to a buffer
|
||||||
|
overflow in the XML parser during initial network discovery. The
|
||||||
|
vulnerable code triggers at startup of Bitcoin Core if UPnP is enabled.
|
||||||
|
|
||||||
|
Details of the vulnerability can be found here: <http://talosintel.com/reports/TALOS-2015-0035/>
|
||||||
|
|
||||||
|
It has been verified that the vulnerability can be used to crash the
|
||||||
|
application at startup by running a malicious UPnP server on the local
|
||||||
|
network.
|
||||||
|
|
||||||
|
To have more connectable nodes, the Bitcoin Core executables distributed by
|
||||||
|
bitcoin.org include the miniupnpc library and have always had UPnP
|
||||||
|
functionality enabled by default, to forward the P2P port.
|
||||||
|
|
||||||
|
This applies to the distributed executables only, not those built from source or
|
||||||
|
from distribution provided packages. Self-built executables have UPnP disabled
|
||||||
|
by default, unless `--enable-upnp-default` was provided to the configure script.
|
||||||
|
|
||||||
|
Releases starting from 0.10.3 and 0.11.1, and the upcoming 0.12.0 will still ship
|
||||||
|
with (a patched version) of the library, but no longer enable the functionality by default.
|
||||||
|
|
||||||
|
## Mitigation
|
||||||
|
|
||||||
|
Bitcoin Core executables are compiled with Address Space Layout Randomization (ASLR),
|
||||||
|
Stack Smashing Protection (SSP), and non-executable stack and heap (DEP) enabled. This
|
||||||
|
makes it harder to use this vulnerability for remote code execution or private
|
||||||
|
key leaks. However, it is still advised to upgrade, or if not possible, disable
|
||||||
|
UPnP as soon as possible.
|
||||||
|
|
||||||
|
## Manual Port Forwarding
|
||||||
|
|
||||||
|
With UPnP turned off, your node will still connect to 8 other peers on
|
||||||
|
the Bitcoin network to receive new blocks and transactions. However, it
|
||||||
|
will not accept incomming connections from other peers unless you
|
||||||
|
manually enable port forwarding on your router. If you wish to do
|
||||||
|
that---it isn't required---please [follow these
|
||||||
|
instructions](/en/full-node#network-configuration).
|
||||||
BIN
img/alerts/disable_upnp.png
Normal file
BIN
img/alerts/disable_upnp.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 18 KiB |
Loading…
Add table
Add a link
Reference in a new issue