[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #24333 [Core Tor/Tor]: Fix TROVE-2017-012: Relays can pick themselves in a circuit path (was: Fix TROVE-2017-012)
#24333: Fix TROVE-2017-012: Relays can pick themselves in a circuit path
----------------------------+------------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: closed
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution: fixed
Keywords: trove-2017-011 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------+------------------------------------
Changes (by nickm):
* status: new => closed
* resolution: => fixed
Old description:
> Ticket for medium severity issue TROVE-2017-012
>
> See https://trac.torproject.org/projects/tor/wiki/TROVE
New description:
Ticket for medium severity issue TROVE-2017-012
See https://trac.torproject.org/projects/tor/wiki/TROVE
{{{
TROVE-2017-012: Relays can pick themselves in a circuit path
SEVERITY: Medium
ALSO TRACKED AS: CVE-2017-8822
DESCRIPTION
A relay can open circuits for reachability purposes, preemptive
Exit circuits or possible onion service client usage. If a relay
doesn't have the descriptors of all the relays in the network, it
is possible for the relay to pick itself in a circuit path like so
(R1: Relay, G: Guard, E: Exit):
R1 -> G -> R1 -> E
This leads to a log warning on the Guard node and the circuit
being closed immediately because tor doesn't allow to extend to
the previous node.
Furthermore, a relay can also pick itself as a primary guard,
leading to it being unable to open any circuits for a while, until
enough failures have been recorded and the guard is switched.
This can only happens if the relay doesn't have all descriptors
downloaded yet, and if it considers itself in the consensus.
This affects version >= 0.2.0.x series which is basically every
relay on the network.
MITIGATION NOTES:
1. If you are using tor but it is not configured as a relay, this
doesn't affect you.
2. This can have anonymity consequences if you are running a
onion service and a relay at the same time on the same tor
instance. It is something we do NOT recommend in the first
place, so: avoid doing this.
ACKNOWLEDGMENTS:
Thanks to the Tor network team members who tracked this down!
FIX:
Everyone affected should upgrade to one of the releases with the fix
for this issue: 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, or
0.3.2.6-alpha.
}}}
--
Comment:
Fixed in today's security releases.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24333#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs