Merge pull #1086: add warning about UPnP vulnerability

David A. Harding 2015-10-12 10:28:10 -04:00
commit d5522ac9e1
No known key found for this signature in database
GPG key ID: 4B29C30FF29EC4B7
2 changed files with 65 additions and 0 deletions


@ -0,0 +1,65 @@
---
## This file is licensed under the MIT License (MIT) available on
## http://opensource.org/licenses/MIT.
title: "Vulnerability in UPnP library used by Bitcoin Core"
shorturl: "upnp-vulnerability"
active: true
banner: "WARNING: serious vulnerability in UPnP library used by Bitcoin Core (click here to read)"
bannerclass: "alert"
---
## Summary
![Disabling UPnP in the GUI](/img/alerts/disable_upnp.png)
Either
- turn off the checkbox in the GUI under Options → Network → Map port using UPNP (see above)
- add the line `upnp=0` to your `bitcoin.conf` file
- add `-upnp=0` to the command line options
Also upgrade to a version of Bitcoin Core at least 0.10.3 or 0.11.1 when they
are released (the release cycle is in progress). These versions upgrade the
library to a non-vulnerable version, as well as disable UPnP by default to
prevent this problem in the future.
## Details
Version before 1.9.20151008 of the miniupnpc library are vulnerable to a buffer
overflow in the XML parser during initial network discovery. The
vulnerable code triggers at startup of Bitcoin Core if UPnP is enabled.
Details of the vulnerability can be found here: <http://talosintel.com/reports/TALOS-2015-0035/>
It has been verified that the vulnerability can be used to crash the
application at startup by running a malicious UPnP server on the local
network.
To have more connectable nodes, the Bitcoin Core executables distributed by
bitcoin.org include the miniupnpc library and have always had UPnP
functionality enabled by default, to forward the P2P port.
This applies to the distributed executables only, not those built from source or
from distribution provided packages. Self-built executables have UPnP disabled
by default, unless `--enable-upnp-default` was provided to the configure script.
Releases starting from 0.10.3 and 0.11.1, and the upcoming 0.12.0 will still ship
with (a patched version) of the library, but no longer enable the functionality by default.
## Mitigation
Bitcoin Core executables are compiled with Address Space Layout Randomization (ASLR),
Stack Smashing Protection (SSP), and non-executable stack and heap (DEP) enabled. This
makes it harder to use this vulnerability for remote code execution or private
key leaks. However, it is still advised to upgrade, or if not possible, disable
UPnP as soon as possible.
## Manual Port Forwarding
With UPnP turned off, your node will still connect to 8 other peers on
the Bitcoin network to receive new blocks and transactions. However, it
will not accept incomming connections from other peers unless you
manually enable port forwarding on your router. If you wish to do
that---it isn't required---please [follow these
instructions](/en/full-node#network-configuration).
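Review bot: The Summary opens its list with a bare "Either" and never states what the reader should do or why; a lead sentence before the three options, such as "Disable UPnP in one of the following ways", would let someone act on the alert without reading Details. The Mitigation section advises to "upgrade, or if not possible, disable UPnP", but the Summary says 0.10.3 and 0.11.1 are not released yet, so the text should say plainly that disabling UPnP is the step available today and upgrading follows once the releases are out. "at least 0.10.3 or 0.11.1" is also ambiguous for a reader on the 0.11 branch, since 0.11.0 is numerically above 0.10.3 yet is not a fixed version by this description; naming the fixed release per branch would remove the doubt. Wording nits: "Version before 1.9.20151008" should be "Versions before", "incomming" should be "incoming", "(a patched version) of the library" has the parenthesis closed one word early, and the GUI label is written "UPNP" where the rest of the file uses "UPnP", which is worth checking against the actual checkbox text.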

BIN
img/alerts/disable_upnp.png Normal file

Binary file not shown.
