bitcoin.github.com/dos.html at master · ripper2345/bitcoin.github.com · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Bitcoin - </title>
    <meta name="description" content="The original site offering documentation and open-source Bitcoin software." />
    <meta name="author" content="" />
    <meta name="robots" content="noodp" />

    <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
    <!--[if lt IE 9]>
      <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
    <![endif]-->

    <!-- scripting -->
    <!--
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
    <script src="/lib/app.js"></script>
    -->

    <!-- stylesheet -->
    <link rel="stylesheet" type="text/css" href="/f1b866750ff2bcf99a6cfaa01e17dbf6.css" />

    <!-- fav and touch icons -->
    <link rel="shortcut icon" href="/favicon.ico">
    <!--
    <link rel="apple-touch-icon" href="images/apple-touch-icon.png">
    <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png">
    <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png">
    -->
  </head>

  <body>

        <div id="masthead">
      <div class="inner">
        <div class="container primarybox">
          <h1><img width=38 height=40 src="/img/logo_small.png" class="thelogo" /> Bitcoin <small>P2P Digital Currency</small></h1>
        </div>
      </div>
    </div>

    <div class="topbar" id="menu">
  <div class="fill">
    <div class="container">
      <ul>


        <li>
          <a href="/">Home</a>
        </li>


        <li>
          <a href="/news.html">News</a>
        </li>


        <li>
          <a href="/about.html">About</a>
        </li>


        <li>
          <a href="/clients.html">Clients</a>
        </li>

      </ul>
    </div>
  </div>
</div>


        <div class="container">
      <section id="dos">
        <h1>CVE-2012-2459: Critical Vulnerability (denial-of-service)</h1>
        <h2>Risks</h2>
<p>
A denial-of-service vulnerability that affects all versions of
bitcoind and Bitcoin-Qt has been reported and fixed. An attacker
could isolate a victim's node and cause the creation of blockchain
forks.
</p>
        <h2>Solutions</h2>
<p>
Because this bug could be exploited to severely disrupt the Bitcoin
network we consider this a critical vulnerability, and encourage
everybody to upgrade to <a href="https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.2/">the latest version: 0.6.2</a>.
</p>
<p>
<a href="https://bitcointalk.org/?topic=79651">Backports for older releases (0.5.5 and 0.4.6) are also available</a> if
you cannot upgrade to version 0.6.2.
</p>
        <h2>Technical Details</h2>
<p>
Full technical details are being withheld to give people the
opportunity to upgrade.
</p>
<p>
Thanks to <a href="http://forre.st/">Forrest Voight</a> for discovering and reporting the vulnerability.
</p>
        <h2>Questions &amp; Answers</h2>
<h3>
How would I know if I am the victim of this attack?
</h3>
<p>
Your bitcoin process would stop processing blocks and would have a
different block count from the rest of the network (you can see the
current block count at websites like <a href="http://blockexplorer.com/">blockexplorer.com</a> or
<a href="http://blockchain.info/">blockchain.info</a>).  Eventually it would display the message:
</p>
<blockquote>WARNING: Displayed transactions may not be correct!  You may need to
upgrade, or other nodes may need to upgrade.</blockquote>
<p>
(note that this message is displayed whenever your bitcoin process
detects that the rest of the network seems to have a different
block count, which can happen for several reasons unrelated to
this vulnerability).
</p>
<h3>
Could this bug be used to steal my wallet?
</h3>
<p>
No.
</p>
<h3>
Could this bug be used to install malware on my system?
</h3>
<p>
No.
</p>
        <div style="text-align:right">
         <i>This notice last updated: Mon May 14 17:00:00 UTC 2012</i>
        </div>
      </section>
    </div>


    <div class="container">
      <footer>
        <div class="inner">
            <p>
              &copy; Bitcoin Project 2009&ndash;2012<br/>
              Released under the <a href="http://creativecommons.org/licenses/MIT/">MIT license</a>
            </p>
          </div>
      </footer>
    </div>

  </body>
</html>