[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: both my servers crashed

On 4/23/05, Ron Davis <ron_davis@xxxxxxxx> wrote:
> Apr 23 12:56:09.180 [warn] tor_tls_get_peer_cert_nickname(): Peer
> certificate nickname has illegal characters.
> Apr 23 12:56:09.180 [warn] connection_tls_finish_handshake(): Other side
> ( has a cert without a valid nickname. Closing.
> Apr 23 12:56:11.540 [err] _assert_no_tls_errors(): Unhandled OpenSSL
> errors found at buffers.c:229:

That's the Tor process being over sensitive and aborting at the first
sign of errors. It could be that some kiddie has figured out they can
shut nodes down by triggering this assertion failure. However, in
light of this:

> After the first Windows error message, I rebooted and found the
> installer exe of the backdoor program FTPCentre.13.A on my system (
> http://www.megasecurity.org/trojans/f/ftpcenter/Ftpcenter1.3.html ).
> I suspect that the instability of the system somehow opened it to an
> intruder.

It's possible that someone has found a buffer overflow in Tor. Anyone
who's server died with similar messages on Window should look at the
above link and check their systems. (Please report findings to the
list also.)

I don't know if the OpenSSL libraries are linked with the Windows Tor
package, or are installed separately, but they MUST be >= 0.9.6m or >=


Adam Langley                                      agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60