1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
|
Return-Path: <kanzure@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 8A4B9102E
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 Sep 2018 03:40:36 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ua1-f52.google.com (mail-ua1-f52.google.com
[209.85.222.52])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B1F8D25A
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 26 Sep 2018 03:40:35 +0000 (UTC)
Received: by mail-ua1-f52.google.com with SMTP id g18-v6so10333303uam.6
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 25 Sep 2018 20:40:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to
:content-transfer-encoding;
bh=HL5hYHbAB0WOnNzhTcRMVtv9lTAdrCBUqGR2QDhsCfI=;
b=q2IkD8QLb4mSKHdFvawgq1/6jMEGN8saO7cuMkR2r0aTNetbQJzRYoD9bghvQXzHo2
CFXOHxhu8+hvWk5gZchRH2w2e46y+xP8jlC1YwdZq8RBH45XenLUKnUIF089wJ1L58zS
0l7Lp7P5HX+tTjGhQlYStGlnszUy3qMWvhXoApJ+iUlYKCSFVjUq+EKdzFKA6mWviWIu
GhEcAWsWuvCHnDA+HuRW6ipMiCqba3RNXi3gyMXpH5a/R/Ifdo+9mJ/KamfH2nKWgauy
EKcVscG1HL/Ll6w2NKzVEbmDojm1F8jShynGuu01n/IwyNq/E6TbOo+1/+RsBMhbb0Ft
+wAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to
:content-transfer-encoding;
bh=HL5hYHbAB0WOnNzhTcRMVtv9lTAdrCBUqGR2QDhsCfI=;
b=hHB6toKC2iziBFes7EM0fr20joWl4yh+Yfgrsm7xzR2XaRlzNvGUfNxdl3mDC9t+qK
f4oTidmAKguzy38zx7t5D/+LCqyToZPin0+CtTn9C5ElVMhMYwy/GXUymsbAfHavClhn
wsj1VBFlJzHCccgxPpzkbxdyHK6zMk5SSg4bpvuMY9aIk8t1DD+BEd5B9tFIIU01XmOb
A8Zv8kPYIkXD+9xt0H3H9j13otuNVrHQwr3lovQlay9Wxmb2rO9PiAFplkFlE8hBlSxt
ovsMJZpCIwZv/ucFxjqkx4rw1aS6yBpqxoGuEj9nQydSxHnyT3koYaSre/qXKFVK7mEx
7npg==
X-Gm-Message-State: ABuFfoiuTljDvxQERq6LR/yY2y9W4a6xBfOgLXVkaymOiKjYk2HEFEvy
+mmtAc/C+Mikp9WmVFCDZcV3lkPFoJjpeo22xKXWo0N+
X-Google-Smtp-Source: ACcGV60AbqvkNuTheZOMjKc4uqzdGkneRzPvu+jiSK3nynGQGo81LcFtclvU6A1mgIQipwIbF1nCdcorpi/CsVJQvW4=
X-Received: by 2002:ab0:6499:: with SMTP id
p25-v6mr1235111uam.106.1537933234433;
Tue, 25 Sep 2018 20:40:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ab0:6487:0:0:0:0:0 with HTTP; Tue, 25 Sep 2018 20:40:32
-0700 (PDT)
From: Bryan Bishop <kanzure@gmail.com>
Date: Tue, 25 Sep 2018 22:40:32 -0500
Message-ID: <CABaSBaxq_nPSPc5x3hM5kXqb5cmKDRVTpFSLfbmXpj56PH5h_Q@mail.gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>,
Bryan Bishop <kanzure@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 26 Sep 2018 03:41:26 +0000
Subject: [bitcoin-dev] CVE-2018-17144 disclosure (inflation vulnerability)
(copy-paste)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Sep 2018 03:40:36 -0000
It has been informed to me that the writeup for the recent
vulnerability was not distributed to this mailing list. Please find
details at the following blog post:
https://bitcoincore.org/en/2018/09/20/notice/
I believe a release notice was posted but not information about the bug,
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-September/0164=
13.html
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-September/0164=
14.html
There was also further discussion here:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-September/0164=
24.html
Also, around the time those emails were sent, there was a mailing list
moderator queue bug and nobody was able to approve emails including
myself. This bug was subsequently resolved by Linux Foundation.
The remainder of this email is copy-paste from the bitcoincore.org
page linked above.
=3D=3D=3D Full disclosure =3D=3D=3D
CVE-2018-17144, a fix for which was released on September 18th in
Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of
Service component and a critical inflation vulnerability. It was
originally reported to several developers working on Bitcoin Core, as
well as projects supporting other cryptocurrencies, including ABC and
Unlimited on September 17th as a Denial of Service bug only, however
we quickly determined that the issue was also an inflation
vulnerability with the same root cause and fix.
In order to encourage rapid upgrades, the decision was made to
immediately patch and disclose the less serious Denial of Service
vulnerability, concurrently with reaching out to miners, businesses,
and other affected systems while delaying publication of the full
issue to give times for systems to upgrade. On September 20th a post
in a public forum reported the full impact and although it was quickly
retracted the claim was further circulated.
At this time we believe over half of the Bitcoin hashrate has upgraded
to patched nodes. We are unaware of any attempts to exploit this
vulnerability.
However, it still remains critical that affected users upgrade and
apply the latest patches to ensure no possibility of large
reorganizations, mining of invalid blocks, or acceptance of invalid
transactions occurs.
=3D=3D=3D Technical details =3D=3D=3D
In Bitcoin Core 0.14, an optimization was added (Bitcoin Core PR
#9049) which avoided a costly check during initial pre-relay block
validation that multiple inputs within a single transaction did not
spend the same input twice which was added in 2012 (PR #443). While
the UTXO-updating logic has sufficient knowledge to check that such a
condition is not violated in 0.14 it only did so in a sanity check
assertion and not with full error handling (it did, however, fully
handle this case twice in prior to 0.8).
Thus, in Bitcoin Core 0.14.X, any attempts to double-spend a
transaction output within a single transaction inside of a block will
result in an assertion failure and a crash, as was originally
reported.
In Bitcoin Core 0.15, as a part of a larger redesign to simplify
unspent transaction output tracking and correct a resource exhaustion
attack the assertion was changed subtly. Instead of asserting that the
output being marked spent was previously unspent, it only asserts that
it exists.
Thus, in Bitcoin Core 0.15.X, 0.16.0, 0.16.1, and 0.16.2, any attempts
to double-spend a transaction output within a single transaction
inside of a block where the output being spent was created in the same
block, the same assertion failure will occur (as exists in the test
case which was included in the 0.16.3 patch). However, if the output
being double-spent was created in a previous block, an entry will
still remain in the CCoin map with the DIRTY flag set and having been
marked as spent, resulting in no such assertion. This could allow a
miner to inflate the supply of Bitcoin as they would be then able to
claim the value being spent twice.
=3D=3D=3D Timeline =3D=3D=3D
Timeline for September 17, 2018: (all times UTC)
14:57 anonymous reporter reports crash bug to: Pieter Wuille, Greg
Maxwell, Wladimir Van Der Laan of Bitcoin Core, deadalnix of Bitcoin
ABC, and sickpig of Bitcoin Unlimited.
15:15 Greg Maxwell shares the original report with Cory Fields, Suhas
Daftuar, Alex Morcos and Matt Corallo
17:47 Matt Corallo identifies inflation bug
19:15 Matt Corallo first tries to reach slushpool CEO to have a line
of communication open to apply a patch quickly
19:29 Greg Maxwell timestamps the hash of a test-case which
demonstrates the inflation vulnerability
(a47344b7dceddff6c6cc1c7e97f1588d99e6dba706011b6ccc2e615b88fe4350)
20:15 John Newbery and James O=E2=80=99Beirne are informed of the
vulnerability so they can assist in alerting companies to a pending
patch for a DoS vulnerability
20:30 Matt Corallo speaks with slushpool CTO and CEO and shares patch
with disclosure of the Denial of Service
20:48 slushpool confirmed upgraded
21:08 Alert was sent to Bitcoin ABC that a patch will be posted
publicly by 22:00
21:30 (approx) Responded to original reporter with an acknowledgment
21:57 Bitcoin Core PR 14247 published with patch and test
demonstrating the Denial of Service bug
21:58 Bitcoin ABC publishes their patch
22:07 Advisory email with link to Bitcoin Core PR and patch goes out
to Optech members, among others
23:21 Bitcoin Core version 0.17.0rc4 tagged
September 18, 2018:
00:24 Bitcoin Core version 0.16.3 tagged
20:44 Bitcoin Core release binaries and release announcements were availabl=
e
21:47 Bitcointalk and reddit have public banners urging people to upgrade
September 19, 2018:
14:06 The mailing list distributes an additional message urging people
to upgrade by Pieter Wuille
September 20, 2018:
19:50 David Jaenson independently discovered the vulnerability, and it
was reported to the Bitcoin Core security contact email.
- Bryan
http://heybryan.org/
1 512 203 0507
|