forked from bitcoin-dot-org/Bitcoin.org
-
Notifications
You must be signed in to change notification settings - Fork 5
/
dos.html
66 lines (66 loc) · 2.15 KB
/
dos.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
---
layout: base-en
---
<div class="container">
<section id="dos">
<h1>CVE-2012-2459: Critical Vulnerability (denial-of-service)</h1>
<h2>Risks</h2>
<p>
A denial-of-service vulnerability that affects all versions of
bitcoind and Bitcoin-Qt has been reported and fixed. An attacker
could isolate a victim's node and cause the creation of blockchain
forks.
</p>
<h2>Solutions</h2>
<p>
Because this bug could be exploited to severely disrupt the Bitcoin
network we consider this a critical vulnerability, and encourage
everybody to upgrade to <a href="https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.2/">the latest version: 0.6.2</a>.
</p>
<p>
<a href="https://bitcointalk.org/?topic=79651">Backports for older releases (0.5.5 and 0.4.6) are also available</a> if
you cannot upgrade to version 0.6.2.
</p>
<h2>Technical Details</h2>
<p>
Full technical details are being withheld to give people the
opportunity to upgrade.
</p>
<p>
Thanks to <a href="http://forre.st/">Forrest Voight</a> for discovering and reporting the vulnerability.
</p>
<h2>Questions & Answers</h2>
<h3>
How would I know if I am the victim of this attack?
</h3>
<p>
Your bitcoin process would stop processing blocks and would have a
different block count from the rest of the network (you can see the
current block count at websites like <a href="http://blockexplorer.com/">blockexplorer.com</a> or
<a href="http://blockchain.info/">blockchain.info</a>). Eventually it would display the message:
</p>
<blockquote>WARNING: Displayed transactions may not be correct! You may need to
upgrade, or other nodes may need to upgrade.</blockquote>
<p>
(note that this message is displayed whenever your bitcoin process
detects that the rest of the network seems to have a different
block count, which can happen for several reasons unrelated to
this vulnerability).
</p>
<h3>
Could this bug be used to steal my wallet?
</h3>
<p>
No.
</p>
<h3>
Could this bug be used to install malware on my system?
</h3>
<p>
No.
</p>
<div style="text-align:right">
<i>This notice last updated: Mon May 14 17:00:00 UTC 2012</i>
</div>
</section>
</div>