[bitcoin-list] Critical denial-of-service vulnerability
gavinandresen at gmail.com
Mon May 14 10:09:55 PDT 2012
-----BEGIN PGP SIGNED MESSAGE-----

CVE-2012-2459: Critical Vulnerability

A denial-of-service vulnerability that affects all versions of
bitcoind and Bitcoin-Qt has been reported and fixed. An attacker
could isolate a victim's node and cause the creation of blockchain

Because this bug could be exploited to severely disrupt the Bitcoin
network we consider this a critical vulnerability, and encourage
everybody to upgrade to the latest version: 0.6.2.

Backports for older releases (0.5.5 and 0.4.6) are also available if
you cannot upgrade to version 0.6.2.

Full technical details are being withheld to give people the
opportunity to upgrade.

Thanks to Forrest Voight for discovering and reporting the vulnerability.

Questions that might be frequently asked:

How would I know if I am the victim of this attack?

Your bitcoin process would stop processing blocks and would have a
different block count from the rest of the network (you can see the
current block count at websites like blockexplorer.com or
blockchain.info). Eventually it would display the message:

"WARNING: Displayed transactions may not be correct! You may need to
upgrade, or other nodes may need to upgrade."

(note that this message is displayed whenever your bitcoin process
detects that the rest of the network seems to have a different
block count, which can happen for several reasons unrelated to

Could this bug be used to steal my wallet?

Could this bug be used to install malware on my system?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
-----END PGP SIGNATURE-----
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
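
The block-count comparison described in the announcement's FAQ can be automated. The following is an added example, not part of the original message or of the Bitcoin project's code: it assumes heights are polled periodically from the local node (for instance with bitcoind's `getblockcount`) and from several independent sources, and the thresholds, function name and sample data are constructed for illustration.

```python
from statistics import median

MAX_LAG = 3    # assumed tolerance, in blocks, before a gap counts as abnormal
MIN_POLLS = 3  # assumed number of consecutive polls with no local progress

def find_stall(samples, max_lag=MAX_LAG, min_polls=MIN_POLLS):
    """samples: iterable of (unix_time, local_height, [reference_heights]).

    Returns the time of the first poll at which the local node has reported
    the same height for min_polls consecutive polls while the median
    reference height is more than max_lag blocks ahead, else None.
    """
    stuck, prev = 0, None
    for ts, local, refs in samples:
        stuck = stuck + 1 if local == prev else 1
        prev = local
        if not refs:
            continue  # no reference data for this poll, so no verdict
        # The median keeps one wrong or lying source from deciding the result.
        if stuck >= min_polls and median(refs) - local > max_lag:
            return ts
    return None

# Constructed sample data: one poll every 600 seconds.
STALLED = [  # local node stops at 180001 while the references keep advancing
    (0, 180000, [180000, 180000, 180000]),
    (600, 180001, [180001, 180001, 180001]),
    (1200, 180001, [180002, 180002, 180002]),
    (1800, 180001, [180004, 180003, 180004]),
    (2400, 180001, [180006, 180006, 180005]),
]
IN_SYNC_ONE_BAD_SOURCE = [  # node keeps up; one reference is far off
    (0, 180000, [180000, 180000, 180050]),
    (600, 180001, [180001, 180001, 180051]),
    (1200, 180002, [180002, 180002, 180052]),
]
QUIET_NETWORK = [  # nobody has found a block: same height everywhere
    (t, 180000, [180000, 180000, 180000]) for t in (0, 600, 1200, 1800)
]

if __name__ == "__main__":
    for name, data in [("stalled", STALLED),
                       ("one bad source", IN_SYNC_ONE_BAD_SOURCE),
                       ("quiet network", QUIET_NETWORK)]:
        print(name, "->", find_stall(data))
```

A hit is a reason to investigate, not proof of this attack: as the announcement notes, a block-count mismatch can have several unrelated causes.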