Fix TROVE-2017-011: An attacker can make tor ask for a password
TROVE-2017-011: An attacker can make Tor ask for a password

SEVERITY: High

ALSO TRACKED AS: OSS-Fuzz testcase 6360145429790720, CVE-2017-8821

CREDIT: This was found by OSS-Fuzz.

SUMMARY:

All over our code, we accept and parse RSA public keys in the "PEM" format, such as:

    -----BEGIN RSA PUBLIC KEY-----
    SXQncyBjb29sIHRoYXQgeW91IHdlcmUgY29uY2VybmVkIGVub3VnaCB0byBjaGVj
    aywgYnV0IHRoZXJlIGlzIGluIGZhY3Qgbm8gc2VjcmV0IGluZm9ybWF0aW9uIGhl
    cmUuICBUaGlzIHNwYWNlIGludGVudGlvbmFsbHkgbGVmdCBibGFuay4=
    -----END RSA PUBLIC KEY-----

But if you pass OpenSSL a public key that's suitably constructed, it will ask for a password. This applies to public keys as well as private keys!

If this "key" is used in a microdescriptor, an onion service descriptor, a relay or bridge descriptor, or anywhere, then OpenSSL will pause, and ask for a passphrase. This blocks Tor, causing a denial of service attack. If it causes an onion service or busy client to block, this could aid in traffic analysis.

Tors that are running as a daemon (without a terminal) or inside another process may not be vulnerable -- it depends on OpenSSL's behavior when it tries to ask for a password.

FIX:

Everyone affected should upgrade to one of the releases with the fix for this issue: 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, or 0.3.2.6-alpha.
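One defensive pattern for code that parses untrusted PEM public keys as described above, given as an added example that is not Tor's patch or code from this advisory: decode the PEM wrapper strictly in the application, so the crypto library only ever receives DER and has no reason to prompt. The names `strict_pem_to_der` and `PEMRejected` are hypothetical, and the sketch assumes the caller passes the returned bytes to a DER-only parser such as OpenSSL's `d2i_RSAPublicKey`.

```python
import base64
import binascii
import re

LABEL = "RSA PUBLIC KEY"
_B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

# The sample block shown in the advisory (its body is plain text, not a real key).
SAMPLE_PEM = """-----BEGIN RSA PUBLIC KEY-----
SXQncyBjb29sIHRoYXQgeW91IHdlcmUgY29uY2VybmVkIGVub3VnaCB0byBjaGVj
aywgYnV0IHRoZXJlIGlzIGluIGZhY3Qgbm8gc2VjcmV0IGluZm9ybWF0aW9uIGhl
cmUuICBUaGlzIHNwYWNlIGludGVudGlvbmFsbHkgbGVmdCBibGFuay4=
-----END RSA PUBLIC KEY-----
"""


class PEMRejected(ValueError):
    """Input is not a single bare PEM block with the expected label."""


def strict_pem_to_der(text, label=LABEL, max_len=8192):
    """Return the decoded body of one PEM block, or raise PEMRejected.

    Only a BEGIN line, base64 lines and an END line are accepted. Anything
    else between the markers (blank lines, "Name: value" header lines, stray
    text) is refused, so the input is never handed to a PEM layer that might
    treat it as password-protected.
    """
    if len(text) > max_len:
        raise PEMRejected("input too long")
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3:
        raise PEMRejected("too short to be a PEM block")
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise PEMRejected("missing or unexpected BEGIN/END label")
    body = lines[1:-1]
    for ln in body:
        if not _B64_LINE.fullmatch(ln):
            raise PEMRejected("non-base64 line in body")
    if any("=" in ln for ln in body[:-1]):
        raise PEMRejected("padding before the last body line")
    try:
        return base64.b64decode("".join(body), validate=True)
    except binascii.Error as exc:
        raise PEMRejected("invalid base64") from exc
```

A `PEMRejected` result should be handled like any other malformed descriptor field: drop the object and continue, never fall back to the library's own PEM reader.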