[bisq-network/roles] Bitcoin Node Maintainer (#66)

sqrrm notifications at github.com
Mon Nov 11 11:36:09 UTC 2019


## Cycle 7 report

@wiz has done good work on investigating tx issues and fee estimation.

An old issue was disclosed on the dev mailing list, showing the importance of running the latest node. It also highlights the trouble we might find ourselves in once SPV support is removed. If we then stay on old versions due to the SPV support we might be running nodes with known issues.

> 
> CVE-2017-18350 is a buffer overflow vulnerability which allows a malicious 
> SOCKS proxy server to overwrite the program stack on systems with a signed 
> `char` type (including common 32-bit and 64-bit x86 PCs).
> 
> The vulnerability was introduced in 60a87bce873ce1f76a80b7b8546e83a0cd4e07a5 
> (SOCKS5 support) and first released in Bitcoin Core v0.7.0rc1 in 2012 Aug 27.
> A fix was hidden in d90a00eabed0f3f1acea4834ad489484d0012372 ("Improve and 
> document SOCKS code") released in v0.15.1, 2017 Nov 6.
> 
> To be vulnerable, the node must be configured to use such a malicious proxy in 
> the first place. Note that using *any* proxy over an insecure network (such 
> as the Internet) is potentially a vulnerability since the connection could be 
> intercepted for such a purpose.
> 
> Upon a connection request from the node, the malicious proxy would respond 
> with an acknowledgement of a different target domain name than the one
> requested. Normally this acknowledgement is entirely ignored, but if the 
> length uses the high bit (ie, a length 128-255 inclusive), it will be 
> interpreted by vulnerable versions as a negative number instead. When the 
> negative number is passed to the recv() system call to read the domain name, 
> it is converted back to an unsigned/positive number, but at a much wider size 
> (typically 32-bit), resulting in an effectively infinite read into and beyond 
> the 256-byte dummy stack buffer.
> 
> To fix this vulnerability, the dummy buffer was changed to an explicitly 
> unsigned data type, avoiding the conversion to/from a negative number.
> 
> Credit goes to practicalswift (https://twitter.com/practicalswift) for 
> discovering and providing the initial fix for the vulnerability, and Wladimir 
> J. van der Laan for a disguised version of the fix as well as general cleanup 
> to the at-risk code.
> 
> Timeline:
> - 2012-04-01: Vulnerability introduced in PR #1141.
> - 2012-05-08: Vulnerability merged to master git repository.
> - 2012-08-27: Vulnerability published in v0.7.0rc1.
> - 2012-09-17: Vulnerability released in v0.7.0.
> ...
> - 2017-09-21: practicalswift discloses vulnerability to security team.
> - 2017-09-23: Wladimir opens PR #11397 to quietly fix vulnerability.
> - 2017-09-27: Fix merged to master git repository.
> - 2017-10-18: Fix merged to 0.15 git repository.
> - 2017-11-04: Fix published in v0.15.1rc1.
> - 2017-11-09: Fix released in v0.15.1.
> ...
> - 2019-06-22: Vulnerability existence disclosed to bitcoin-dev ML.
> - 2019-11-08: Vulnerability details disclosure to bitcoin-dev ML.
> 

https://github.com/bisq-network/compensation/issues/403

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/roles/issues/66#issuecomment-552408400
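The following is an added example, not code from Bitcoin Core, Bisq, or the quoted advisory. It models the mechanism the advisory describes: the SOCKS5 reply's domain-name length byte is read through a signed `char`, a value of 0x80..0xFF becomes a negative int, and that negative int is converted to the `size_t` length parameter of `recv()`, which copies as many bytes as the proxy cares to send into a 256-byte dummy buffer. Assumptions: the reply layout follows the SOCKS5 wire format (VER, REP, RSV, ATYP=0x03, LEN); the 256-byte buffer size is taken from the advisory; `recv()` is modelled in memory rather than called on a socket, so the program runs offline and never actually corrupts its own stack; `signed char` is used explicitly where the original code had plain `char`, so the behaviour matches x86 on every platform; the two sample replies are constructed, and all function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Size of the dummy stack buffer the SOCKS5 reply was read into (per the advisory). */
#define DUMMY_BUF_SIZE 256

/* Index of the length byte in an ATYP=0x03 (domain name) reply:
 *   VER=0x05, REP=0x00 (succeeded), RSV=0x00, ATYP=0x03, LEN, name... */
#define SOCKS5_DOMAIN_LEN_OFFSET 4

/* Constructed SOCKS5 reply prefixes (not captured traffic). A well-behaved proxy
 * echoes the requested name with its real length; a malicious proxy sets LEN to
 * anything it likes, here 0xFF (high bit set). */
static const unsigned char BENIGN_REPLY[]    = { 0x05, 0x00, 0x00, 0x03, 0x0B };
static const unsigned char MALICIOUS_REPLY[] = { 0x05, 0x00, 0x00, 0x03, 0xFF };

/* Vulnerable pattern (pre-0.15.1): the reply sits in a plain `char` array and the
 * length byte is widened to an int. Where `char` is signed (x86), 0xFF becomes -1.
 * `signed char` is spelled out so the demonstration is identical on targets whose
 * plain `char` is unsigned (e.g. aarch64 Linux). */
int domain_len_vulnerable(const unsigned char *reply) {
    signed char len_byte = (signed char)reply[SOCKS5_DOMAIN_LEN_OFFSET];
    int nRecv = len_byte;   /* sign-extended: 0xFF -> -1, 0x80 -> -128 */
    return nRecv;
}

/* Fixed pattern (the 0.15.1 change): keep the buffer and the length unsigned,
 * so the value is always 0..255 and always fits the 256-byte buffer. */
int domain_len_fixed(const unsigned char *reply) {
    uint8_t len_byte = reply[SOCKS5_DOMAIN_LEN_OFFSET];
    return len_byte;
}

/* recv()'s length parameter is size_t. A negative int converted to size_t wraps
 * to a huge value: -1 becomes SIZE_MAX. */
size_t recv_len_seen_by_kernel(int nRecv) {
    return (size_t)nRecv;
}

/* recv() copies min(len, bytes available) into the caller's buffer and knows
 * nothing about the buffer's real size. This models how many bytes a proxy that
 * pushes `proxy_sends` bytes can land in the dummy buffer. */
size_t bytes_recv_would_write(size_t recv_len, size_t proxy_sends) {
    return recv_len < proxy_sends ? recv_len : proxy_sends;
}

/* True when the modelled recv() would run past the 256-byte dummy buffer. */
int overflows_dummy_buffer(size_t bytes_written) {
    return bytes_written > DUMMY_BUF_SIZE;
}

/* Run one reply through both code paths and report; returns 1 if the
 * vulnerable path would overflow the dummy buffer, 0 otherwise. */
int analyse_reply(const unsigned char *reply, size_t proxy_sends, const char *label) {
    int vuln_len  = domain_len_vulnerable(reply);
    int fixed_len = domain_len_fixed(reply);
    size_t vuln_recv  = recv_len_seen_by_kernel(vuln_len);
    size_t fixed_recv = recv_len_seen_by_kernel(fixed_len);
    size_t vuln_written  = bytes_recv_would_write(vuln_recv, proxy_sends);
    size_t fixed_written = bytes_recv_would_write(fixed_recv, proxy_sends);

    printf("%s: LEN byte=0x%02X, proxy pushes %zu bytes\n", label,
           reply[SOCKS5_DOMAIN_LEN_OFFSET], proxy_sends);
    printf("  vulnerable: int %d -> recv len %zu -> %zu bytes written (%s)\n",
           vuln_len, vuln_recv, vuln_written,
           overflows_dummy_buffer(vuln_written) ? "OVERFLOW" : "ok");
    printf("  fixed:      int %d -> recv len %zu -> %zu bytes written (%s)\n",
           fixed_len, fixed_recv, fixed_written,
           overflows_dummy_buffer(fixed_written) ? "OVERFLOW" : "ok");
    return overflows_dummy_buffer(vuln_written);
}

int main(void) {
    analyse_reply(BENIGN_REPLY, 11, "benign proxy");
    analyse_reply(MALICIOUS_REPLY, 4096, "malicious proxy");
    return 0;
}
```

The point the model makes concrete: the unsigned fix does not need any extra bounds check, because a `uint8_t` length can never exceed 255 and the buffer holds 256 bytes; the vulnerable path, by contrast, asks `recv()` for SIZE_MAX bytes and so writes however many the proxy supplies. A node behind an untrusted proxy, or one that reaches its proxy over a path an attacker can intercept, is exposed to exactly this exchange.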