Bitcoin Bitcoin-Qt和Bitcoind信息泄露漏洞(CVE-2013-2272)


发布日期:2013-01-30
更新日期:2013-03-19

受影响系统:
bitcoin bitcoin 0.7.0rc1 - 0.7.2
 bitcoin bitcoin 0.6.1rc1 - 0.6.4rc4
 bitcoin bitcoin 0.6.0rc1 - 0.6.0.10rc4
 bitcoin bitcoin 0.5.0rc1 - 0.5.7
 bitcoin bitcoin * - 0.4.8rc4
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 58538
 CVE(CAN) ID: CVE-2013-2272
 
Bitcoin是一种用开源的P2P软件而产生的电子货币。

Bitcoin-Qt和Bitcoind在CTxMemPool::accept方法内的penny-flooding保护机制实现上存在安全漏洞,允许远程攻击者通过一系列没有足够费用的大型Bitcoin交易,确定钱包地址和IP地址直接的关系。
 
<*来源:unknown
 
  链接:https://en.bitcoin.it/wiki/CVEs
 *>

测试方法:
--------------------------------------------------------------------------------

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Sergio_Demian_Lerner()提供了如下测试方法:
 
见https://bitcointalk.org/?topic=135856
 ------------------------------------------------
 An attacker can discover which of the addresses are owned by a peer by the following procedure:
 
1. For each address, the attacker choose one unspent output Out(i)
 
2. Group the 1M unspent outputs in 1632 transactions Tx(j), each one containing 613 previns. Each transaction would be approximately 26999 Kbytes long. Add one output. Put zero fees. (GetMinFee() will return zero)
 
3. Send each Tx(j) one by one to the victim node.
 
4. After sending each transaction, the victim node may:
 
- Reject the transaction because it penny-floods (normally). In this case you will be still able to send more transactions.
 
- Disconnect you (DoS detection) you since you are not providing the correct signature scripts (this is the case when you have hit an owned address)
 

5. If you have been disconnected, repeat recursively a binary search grouping the prevouts of this transaction until you find a single one that disconnects you. Note that you may need to add additional dummy previns or prevouts to the transaction if it becomes too small to be blocked by the peer with the penny-flooding protection system.
 
With a 54 Kb/sec link, sending each Tx takes 1/2 sec so finding the first tx takes in the worst case, 13 minutes. Afterwards each binary search step takes 1/2 seconds in the worst case, so with 10 additional tests you can find an prevout with the desired property in 2^10 prevouts, more than the 613 originally contained, in a few seconds.
 
I haven′t tested the attack but, check for yourself. The explanation is clear enough. But without testing the attack, I can be mistaken.
 --------------------------------------------------

建议:
--------------------------------------------------------------------------------
厂商补丁:
 
bitcoin
 -------
 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
 
http://bitcoin.org/

相关内容