Date: Tue, 16 Feb 2016 10:30:18 -0500
Message-ID: <CAKDKvuznXZFaoqMaURzWQ7S8bUs3zxoowBA05zSGbOVEWtmS=w@mail.gmail.com>
From: Nick Mathewson <nickm@freehaven.net>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Subject: [tor-talk] The CVE-2015-7547 glibc getaddrinfo() vulnerability,
	and you.

summary: New glibc bug. If you use glibc, install your vendor's
patches as they become available. Tor is not an easy target for this
attack, but you should upgrade anyway.

Hello, all!

There's apparently a new buffer overflow vulnerability in glibc, with
a patch out today.  If you are running some GNU/Linux distribution
that uses the GNU C library, then you should upgrade as soon as your
distribution has a patch.  (And if they don't get a patch for you
soon, maybe you should switch to a distribution that fixes security
holes promptly.)

More info about CVE-2015-7547 here:
  * https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

If I'm reading Tor's code correctly, and if I'm reading the
vulnerability description correctly, Tor should not be an easy target
here.  Tor never uses glibc's resolver to make DNS requests for any
attacker-controlled addresses. So in order to mount an attack based on
this vulnerability, I think you'd need to successfully take over
one of somebody's configured addresses, first by figuring out what
they're resolving, and then either by compromising an appropriate DNS
server or running an appropriate DNS cache poisoning attack.

Of course, glibc users should upgrade anyway, for a few reasons:
   * Tor is not the only program you are running; some other program
is probably affected.
   * My analysis could be wrong.
   * Who knows, your nameserver might be evil or MITM'd.

Stay safe out there!
-- 
Nick
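
Added example (not part of the original message, and not Tor or glibc project code): after the vendor patch is installed, a long-running process keeps using the old library until it is restarted. This sketch lists processes whose /proc/<pid>/maps still references a replaced glibc object; the function names and the --scan flag are made up for this illustration, and it assumes Linux, where a replaced file shows up with a " (deleted)" suffix.

```bash
#!/usr/bin/env bash
# Added illustration: find processes still mapping a glibc object that a
# package upgrade has replaced on disk. They need a restart to pick up the fix.

# glibc ships libc itself plus the resolver pieces libresolv and libnss_dns.
# The [-.] after the name keeps libcrypto, libcap, libc++ etc. from matching.
GLIBC_RE='/(libc|libresolv|libnss_dns)[-.][^ /]* \(deleted\)$'

# Read the text of one /proc/<pid>/maps file on stdin and print each stale
# glibc object path once. Field 6 of a maps line is the mapped pathname.
stale_glibc_objects() {
    grep -E "$GLIBC_RE" | awk '{print $6}' | sort -u
}

# Walk /proc and print "pid<TAB>command<TAB>object" for every affected
# process. Without root, only your own processes are readable; others and
# processes that exit mid-scan are skipped silently.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        stale_glibc_objects 2>/dev/null < "$maps" | while read -r obj; do
            comm=$(cat "/proc/$pid/comm" 2>/dev/null)
            printf '%s\t%s\t%s\n' "$pid" "$comm" "$obj"
        done
    done
}

# Run with --scan (ideally as root) to check the live system.
if [ "${1:-}" = "--scan" ]; then
    scan_proc
fi
```

An empty result after upgrading means no readable process is still on the old library; anything listed should be restarted, or the machine rebooted.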

