[tor-bugs] #24245 [Core Tor/Tor]: Fix TROVE-2017-010: Remote DoS attack against directory authorities (was: Fix TROVE-2017-010)

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Dec 1 14:00:04 UTC 2017


#24245: Fix TROVE-2017-010: Remote DoS attack against directory authorities
----------------------------+------------------------------------
 Reporter:  nickm           |          Owner:  nickm
     Type:  defect          |         Status:  closed
 Priority:  Medium          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor    |        Version:
 Severity:  Normal          |     Resolution:  fixed
 Keywords:  trove-2017-010  |  Actual Points:
Parent ID:                  |         Points:
 Reviewer:                  |        Sponsor:
----------------------------+------------------------------------
Changes (by nickm):

 * status:  accepted => closed
 * milestone:  Tor: 0.3.3.x-final => Tor: 0.2.9.x-final
 * resolution:   => fixed


Old description:



New description:

 {{{
 TROVE-2017-010: Remote DoS attack against directory authorities

 SEVERITY: Medium

 ALSO TRACKED AS: CVE-2017-8820

 SUMMARY:

   If an attacker uploads a malformed descriptor to a directory
   authority, lacking a protocol line and not claiming any particular
   Tor compatibility, the authority will crash when it tries to vote.

 THE PROBLEM:

   An attacker who sends a malformatted descriptor to a directory
   authority can make that directory authority crash by reading a null
   pointer.

   The problematic code was introduced in 0.2.9.4-alpha, with the rest
   of the subprotocols system.

 FIX:

   All directory authorities should upgrade to one of the releases with
   a fix for this issue: 0.2.9.14, 0.3.0.13, 0.3.1.9, or 0.3.2.6-alpha.

 }}}

--

Comment:

 This issue is fixed in today's security releases.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24245#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
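
An added example, not part of the ticket and not Tor's code: a sketch of the bug class the advisory describes, where a descriptor with neither a protocol line nor a claimed platform leaves the voting step with no protocol list, and the NULL check that keeps that step from reading a null pointer. The struct, the function names and the legacy default string are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified descriptor; not Tor's own structures or code. */
typedef struct {
    char proto[128], platform[128];   /* text after "proto " / "platform " */
    int has_proto, has_platform;      /* both lines may be absent */
} desc_t;

/* Copy the rest of the first line starting with "kw " into out; 1 if found. */
static int get_line(const char *text, const char *kw, char *out, size_t outlen) {
    size_t klen = strlen(kw);
    for (const char *p = text; p && *p; ) {
        if (strncmp(p, kw, klen) == 0 && p[klen] == ' ') {
            size_t n = strcspn(p + klen + 1, "\n");
            if (n >= outlen) n = outlen - 1;
            memcpy(out, p + klen + 1, n);
            out[n] = '\0';
            return 1;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return 0;
}

void parse_desc(const char *text, desc_t *d) {
    memset(d, 0, sizeof *d);
    d->has_proto = get_line(text, "proto", d->proto, sizeof d->proto);
    d->has_platform = get_line(text, "platform", d->platform, sizeof d->platform);
}

/* Protocol list the voting step consumes: the declared one, a constructed
 * placeholder when only a platform is claimed, or NULL when neither exists. */
const char *desc_protocols(const desc_t *d) {
    if (d->has_proto) return d->proto;
    if (d->has_platform) return "Link=1-4"; /* constructed legacy default */
    return NULL;
}

/* Format the vote's protocol line. Returns bytes written, 0 when the line is
 * omitted because nothing is known, -1 if out is too small. */
int format_pr_line(const desc_t *d, char *out, size_t outlen) {
    const char *protos = desc_protocols(d);
    if (outlen) out[0] = '\0';
    if (protos == NULL) return 0;  /* without this check the format reads NULL */
    int n = snprintf(out, outlen, "pr %s\n", protos);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}
```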

