
Re: [tor-relays] RELAY_EARLY tor network update status (CVE-2014-5117)



Hi,

I just opened a ticket.



I have checked the whois records for the IP addresses of the outdated
relays which you earlier advised and found their providers. Opened
support requests and sent them a message.

Records were as follows:
93.174.90.30 support@xxxxxxxxxxx noc@xxxxxxxxxxx

82.165.197.129 support@xxxxxxxxx support@xxxxxxxxx

91.205.172.16 SUPPORT@xxxxxxxxxx

These 2 are in the online.net network, where they don't provide an email
address; you need an account registered with them to contact them. Maybe
someone with an account there can open a ticket and send the draft letter
provided below?

IPs of Online.net relays which need to be contacted (to include so they will
know which customers to notify):
195.154.243.53
195.154.226.66


Dear Provider,

I am a Tor supporter (www.torproject.org). I contact you with a request:

I have identified your customer with IP address <IP> running a Tor
relay to help the network (very nice) but unfortunately running an
outdated version for which we have a security CVE and there is a patch
available. Latest Tor release is 0.2.4.23 and your customer needs to
upgrade to this one. Patching the relay is a good practice which will
make the network safer. The bug discovered IS NOT CRITICAL so there
are no serious security threats (no cause to panic), but updating is
always better.

The reason I am contacting you (the provider) is that your customer
has not provided valid contact information in his Tor relay settings.
Can you please kindly forward this notification to your customer and
confirm that it was done? It is in the benefit of everyone, so it
won't get anyone annoyed.

I am sending you this message as an individual Tor supporter and not
on behalf of Torproject.org to which I am in no way related other than
supporting the network as a volunteer.

Thank you in advance for your cooperation and sorry for the approach
but I have no other way to reach your customer.

On 9/19/2014 12:00 AM, Nusenu wrote:
(if you are on the CC list of this email you are probably one of
the tor relay operators running one of the 10 fastest vulnerable
[CVE-2014-5117] relays on the tor network. Please upgrade your tor
relay)

The tor network is currently at 64% of the bandwidth being served
by relays running a recommended version according to
torstatus.blutmagie.de. I updated a previous metrics feature
request so we might see nice graphs about patching progress in
the future [2].

Since we are seeing active RELAY_EARLY attacks again (or new buggy
tor implementations) I was wondering what the current update stats
look like.

~85%* of the tor network's bandwidth is provided by patched
relays. (~66% 0.2.4.23, ~11% 0.2.5.6-alpha, ~7% 0.2.5.7-rc)

*) according to data from torstatus.blutmagie.de


10 fastest relays still running a vulnerable version:


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


--
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11