Tor 0.2.2.34 is released (security patches)

by erinn | October 28, 2011

Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.

The attack relies on four components:

  1) Clients reuse their TLS cert when talking to different relays, so relays can recognize a user by the identity key in her cert.
  2) An attacker who knows the client's identity key can probe each guard relay to see if that identity key is connected to that guard relay right now.
  3) A variety of active attacks in the literature (starting from "Low-Cost Traffic Analysis of Tor" by Murdoch and Danezis in 2005) allow a malicious website to discover the guard relays that a Tor user visiting the website is using.
  4) Clients typically pick three guards at random, so the set of guards for a given user could well be a unique fingerprint for her.

This release fixes components #1 and #2, which is enough to block the attack; the other two remain as open research problems.
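To make component #4 concrete, here is a small simulation added for this page (it is not Tor code): it draws three guards per user and counts how many users end up with a guard set that no other user shares. The guard and user counts are made-up, and the weighted draw stands in for Tor's bandwidth-weighted guard selection, which is assumed here; the point is to show how much the uniqueness of the guard-set fingerprint depends on how skewed selection is.

```python
"""Guard-set fingerprint simulation. Added illustration for this page, not Tor
code: guard and user counts are made-up, and the weighted draw stands in for
Tor's bandwidth-weighted guard selection (assumed here)."""
import math
import random
from collections import Counter
from typing import FrozenSet, List


def pick_guard_set(rng: random.Random, weights: List[float], k: int = 3) -> FrozenSet[int]:
    """Draw k distinct guard indices, each draw proportional to the remaining weights."""
    remaining = list(range(len(weights)))
    w = list(weights)
    chosen = []
    for _ in range(k):
        i = rng.choices(range(len(remaining)), weights=w, k=1)[0]
        chosen.append(remaining.pop(i))
        w.pop(i)
    return frozenset(chosen)


def unique_fraction(num_users: int, weights: List[float], k: int = 3, seed: int = 1) -> float:
    """Fraction of users whose guard set is shared with no other user, i.e. whose
    three guards alone single them out within this population."""
    rng = random.Random(seed)
    counts = Counter(pick_guard_set(rng, weights, k) for _ in range(num_users))
    unique_users = sum(1 for c in counts.values() if c == 1)
    return unique_users / num_users


def expected_unique_fraction_uniform(num_guards: int, num_users: int, k: int = 3) -> float:
    """Closed form for uniform selection: a user's set is one of C(n, k), and each
    of the other num_users - 1 users misses it with probability 1 - 1/C(n, k)."""
    c = math.comb(num_guards, k)
    return (1 - 1 / c) ** (num_users - 1)


if __name__ == "__main__":
    guards = 500          # made-up guard count
    users = 50_000        # made-up client count
    uniform = [1.0] * guards
    # skewed: a few fast guards carry most of the weight, as bandwidth weighting does
    skewed = [100.0 if i < 40 else 1.0 for i in range(guards)]
    print("possible 3-guard sets:", math.comb(guards, 3))
    print("uniform weights, analytic: ", round(expected_unique_fraction_uniform(guards, users), 4))
    print("uniform weights, simulated:", round(unique_fraction(users, uniform), 4))
    print("skewed weights, simulated: ", round(unique_fraction(users, skewed), 4))
```

With uniform selection almost every user's set is unique; concentrating the weight on a few fast guards collapses the number of sets that are actually used and so the fingerprint gets weaker, which is why the post calls this an open research question rather than a settled one.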

Special thanks to "frosty_un" for reporting the issue to us! (As far as we know, this has nothing to do with any claimed attack currently getting attention in the media.)

Clients should upgrade so they are no longer recognizable by the TLS certs they present. Relays should upgrade so they no longer allow a remote attacker to probe them to test whether unpatched clients are currently connected to them.

This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays. Some bridge enumeration attacks still remain; see for example proposal 188.

https://torproject.org/download/download-easy

Changes in version 0.2.2.34 - 2011-10-26

Privacy/anonymity fixes (clients):

  • Clients and bridges no longer send TLS certificate chains on outgoing OR
    connections. Previously, each client or bridge would use the same cert chain
    for all outgoing OR connections until its IP address changes, which allowed any
    relay that the client or bridge contacted to determine which entry guards it is
    using. Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
  • If a relay receives a CREATE_FAST cell on a TLS connection, it no longer
    considers that connection as suitable for satisfying a circuit EXTEND request.
    Now relays can protect clients from the CVE-2011-2768 issue even if the clients
    haven't upgraded yet.
  • Directory authorities no longer assign the Guard flag to relays that
    haven't upgraded to the above "refuse EXTEND requests to client connections"
    fix. Now directory authorities can protect clients from the CVE-2011-2768 issue
    even if neither the clients nor the relays have upgraded yet. There's a new
    "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option to let us
    transition smoothly, else tomorrow there would be no guard relays.

Privacy/anonymity fixes (bridge enumeration):

  • Bridge relays now do their directory fetches inside Tor TLS connections,
    like all the other clients do, rather than connecting directly to the DirPort
    like public relays do. Removes another avenue for enumerating bridges. Fixes
    bug 4115; bugfix on 0.2.0.35.
  • Bridge relays now build circuits for themselves in a more similar way to
    how clients build them. Removes another avenue for enumerating bridges. Fixes
    bug 4124; bugfix on 0.2.0.3-alpha, when bridges were introduced.
  • Bridges now refuse CREATE or CREATE_FAST cells on OR connections that they
    initiated. Relays could distinguish incoming bridge connections from client
    connections, creating another avenue for enumerating bridges. Fixes
    CVE-2011-2769. Bugfix on 0.2.0.3-alpha. Found by "frosty_un".
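The two probes that these changelog entries close, modelled as an added example for this page (it is not Tor code): `Relay.on_extend` shows the CVE-2011-2768 oracle built from components #1 and #2 of the attack described above, together with the "refuse EXTEND requests to client connections" fix and the client-side "send no cert chain" fix; `Bridge.on_create` shows the CVE-2011-2769 probe, where a relay sends a CREATE back on a connection the bridge opened and a bridge, unlike a client, used to answer it. Cells, identities and connections are plain Python objects, the identity strings are invented, and the observable that lets a prober tell "reused an existing connection" from "opened a new one" is treated as given, since the page does not spell it out.

```python
"""Toy model of the CVE-2011-2768 and CVE-2011-2769 probes and the 0.2.2.34 fixes.

Added illustration for this page, not Tor code. Only the decision that the
prober observes is modelled: which connection a relay picks for an EXTEND, and
whether a bridge answers a CREATE on a connection it initiated.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ORConn:
    peer_id: Optional[str]         # identity from the peer's TLS cert chain; None if none was sent
    we_initiated: bool             # True if this side opened the TLS connection
    saw_create_fast: bool = False  # peer sent CREATE_FAST here, i.e. it is acting as a client


class Relay:
    """A guard relay. patched=True means it has the 'refuse EXTEND to client connections' fix."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.conns: List[ORConn] = []

    def accept(self, peer_id: Optional[str]) -> ORConn:
        conn = ORConn(peer_id=peer_id, we_initiated=False)
        self.conns.append(conn)
        return conn

    def on_create_fast(self, conn: ORConn) -> None:
        conn.saw_create_fast = True

    def on_extend(self, target_id: str) -> str:
        """Handle an EXTEND cell naming target_id. Returns 'reused' when an existing
        OR connection to that identity is picked, 'connect' when the relay would
        instead open a new connection to the address given in the cell. A prober can
        tell the two outcomes apart; the exact observable is not modelled here."""
        for conn in self.conns:
            if conn.peer_id is None or conn.peer_id != target_id:
                continue
            if self.patched and conn.saw_create_fast:
                continue  # 0.2.2.34: a conn that carried CREATE_FAST never satisfies EXTEND
            return "reused"
        return "connect"


class Bridge:
    """A bridge. patched=True means it refuses CREATE/CREATE_FAST on connections it initiated."""

    def __init__(self, patched: bool):
        self.patched = patched

    def on_create(self, conn: ORConn) -> bool:
        """True if the bridge answers the CREATE (so the peer learns it is not a
        plain client), False if it refuses the cell."""
        if self.patched and conn.we_initiated:
            return False
        return True


def client_attaches(guard: Relay, client_id: str, client_patched: bool) -> ORConn:
    """Client opens an OR conn to its guard and sends CREATE_FAST, as clients do.
    An unpatched client presents a cert chain carrying client_id; a 0.2.2.34 client sends none."""
    conn = guard.accept(None if client_patched else client_id)
    guard.on_create_fast(conn)
    return conn


def guard_probe(relay_patched: bool, client_patched: bool) -> bool:
    """Attacker who knows the victim's identity key sends the guard an EXTEND to it.
    True = the guard reveals that the victim is connected to it right now."""
    guard = Relay(patched=relay_patched)
    client_attaches(guard, "victim-identity-key", client_patched)
    return guard.on_extend("victim-identity-key") == "reused"


def bridge_probe(bridge_patched: bool) -> bool:
    """A relay that the bridge connected to sends CREATE back on that connection.
    True = the bridge answers, which a client never would, so it is enumerated."""
    bridge = Bridge(patched=bridge_patched)
    outgoing = ORConn(peer_id="some-public-relay", we_initiated=True)
    return bridge.on_create(outgoing)


if __name__ == "__main__":
    for rp in (False, True):
        for cp in (False, True):
            print(f"relay patched={rp!s:5} client patched={cp!s:5} -> victim detected: {guard_probe(rp, cp)}")
    for bp in (False, True):
        print(f"bridge patched={bp!s:5} -> bridge detected: {bridge_probe(bp)}")
```

Either side's fix alone closes the guard probe, which is what lets the directory authorities push the fix from a third direction by withholding the Guard flag from unpatched relays; a patched relay still reuses relay-to-relay connections for EXTEND, since those never carry CREATE_FAST.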

Major bugfixes:

  • Fix a crash bug when changing node restrictions while a DNS lookup is
    in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix by "Tey'".
  • Don't launch a useless circuit after failing to use one of a hidden
    service's introduction points. Previously, we would launch a new introduction
    circuit, but not set the hidden service which that circuit was intended to
    connect to, so it would never actually be used. A different piece of code would
    then create a new introduction circuit correctly. Bug reported by katmagic and
    found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.

Minor bugfixes:

  • Change an integer overflow check in the OpenBSD_Malloc code so that GCC is
    less likely to eliminate it as impossible. Patch from Mansour Moufid. Fixes bug
    4059.
  • When a hidden service turns an extra service-side introduction circuit into
    a general-purpose circuit, free the rend_data and intro_key fields first, so we
    won't leak memory if the circuit is cannibalized for use as another
    service-side introduction circuit. Bugfix on 0.2.1.7-alpha; fixes bug
    4251.
  • Bridges now skip DNS self-tests, to act a little more stealthily. Fixes
    bug 4201; bugfix on 0.2.0.3-alpha, which first introduced bridges. Patch by
    "warms0x".
  • Fix internal bug-checking logic that was supposed to catch failures in
    digest generation so that it will fail more robustly if we ask for a
    nonexistent algorithm. Found by Coverity Scan. Bugfix on 0.2.2.1-alpha; fixes
    Coverity CID 479.
  • Report any failure in init_keys() calls launched because our IP address has
    changed. Spotted by Coverity Scan. Bugfix on 0.1.1.4-alpha; fixes CID 484.

Minor bugfixes (log messages and documentation):

  • Remove a confusing dollar sign from the example fingerprint in the man
    page, and also make the example fingerprint a valid one. Fixes bug 4309; bugfix
    on 0.2.1.3-alpha.
  • The next version of Windows will be called Windows 8, and it has a major
    version of 6, minor version of 2. Correctly identify that version instead of
    calling it "Very recent version". Resolves ticket 4153; reported by
    funkstar.
  • Downgrade log messages about circuit timeout calibration from "notice" to
    "info": they don't require or suggest any human intervention. Patch from Tom
    Lowenthal. Fixes bug 4063; bugfix on 0.2.2.14-alpha.

Minor features:

  • Turn on directory request statistics by default and include them in
    extra-info descriptors. Don't break if we have no GeoIP database. Backported
    from 0.2.3.1-alpha; implements ticket 3951.
  • Update to the October 4 2011 Maxmind GeoLite Country database.

Comments

October 27, 2011

Attention security researchers, this is how you attack Tor successfully. Read and take notes.

October 27, 2011

I am a total "ungeek". I downloaded the upgrade or whatever it is - as I was prompted to do. But now my Firefox says it cannot connect! (it says the "proxy server is refusing connections" - the same message I used to get if I accidentally opened Firefox before connecting the Vidalia.) Instead I have this Aurora that automatically opens. I gather the Aurora is a kind of Firefox. But of course it has none of my bookmarks. And is missing some of my add-ons.

I have a husband who is going to go nuts with this new system! Which he refuses to download for that very reason.

I am 66 and my husband is 72. Two Ph.D.'s but total geezers when it comes to stuff like this!

We have very, very slow internet. So if somehow I'm now acting as a relay person, believe me.... we can't get any slower.

I remain your humble servant and loyal Tor user since discovering you a year or so ago. (It took me forever... till a couple months ago to talk my husband into this...)

I am truly "at sea" here....

To a certain degree, you could view the lack of addons and other normal features as the point: Tor bundles include a copy of Firefox that does not include addons precisely because these addons can spill information making you less anonymous. Similarly, Tor also includes other addons that aid in keeping you anonymous. If you wish to use some of these addons, you can still install them but they may (or may not) compromise your anonymity.

If you wish to still use your addons, you can go to your normal, non-Aurora, version of firefox, click on the "firefox" tab, then on "bookmarks", "show all bookmarks" and use the export function under the "import and backup" button. After exporting your standard bookmarks, you can then import them into Aurora using the import function in the same menu.

It's also worth keeping in mind that Tor is not an absolute solution to anonymity. You must also alter your habits and evaluate how additional software you use may compromise your anonymity.

Somebody must have downloaded the Aurora channel of Firefox; these are alpha-quality releases, and most people should be using the Stable channel. Uninstall Aurora (keeping your personal data just in case) and get the Stable version of Firefox (currently 7.0.1) here: http://www.mozilla.org/en-US/firefox/new/

Also, Tor does definitely slow down your network connection, so if you aren't absolutely sure you need its anonymizing qualities, you may be better off not using it.

No, don't uninstall Aurora and get Firefox instead. That's very bad advice. The browser bundle is configured to Tor standards, it is not just an alpha build straight off the Firefox site. It is not a mistake. The use of the Aurora name is new and is based on possible trademark violations associated with shipping the Firefox name and logo.

Is this the first time you've updated since Polipo was removed? That may be the cause of the "cannot connect" message. If so, you can't reuse the old profile because it tries to tell the browser to look for Polipo which you no longer have. So this time, you would need to start with a clean install and import your bookmarks from the old one (In the new browser, click the Bookmarks Tab, then Show All, then Import and Backup, Restore, then Choose File and navigate to your old Tor profile folder and choose the most recent bookmarks backup there). Also copy or redownload your addons. This will make it so that none of the code pointing the browser to Polipo remains.

October 28, 2011

Hi, I live in China and I would like to know if I can use Tor as a proxy to go on websites like Facebook, Youtube, newspapers websites, etc...?

Youtube allows you to view videos without Flash by going to https://www.youtube.com/html5 and clicking "Join the HTML5 trial" (it sets a cookie). After that the videos will work until the cookie gets cleared.

Use sparingly, though... videos take a lot of bandwidth from the network. I'd suggest choosing low quality versions when possible.

As for Facebook, it should work fine.

One warning about HTML5 YouTube: If you still have to use Firefox 3.6.* or below (4.0 removed the statusbar that many add-ons like GoogleSharing (but not Torbutton) depend on), you cannot use it or other HTML5 sites.

The initial problem was introduced in 0.0.9pre5, released on Nov 9 2004:
"""
- Clients now generate a TLS cert too, in preparation for having
them act more like real nodes.
"""

But the combination of factors required to exploit it probably didn't show up until a) we deployed the entry guard design in 0.1.1.x (May 2006) and b) we started having Tor clients tunnel their directory requests over TLS connections in 0.1.2.x (Apr 2007).

So, "quite old".

November 03, 2011

In reply to arma

So (out of curiosity) was the credited report from "frosty-un" old as well, or recent?

November 06, 2011

In reply to arma

Great work, but a scary situation nevertheless. I think there is a tendency (especially with open, peer-reviewed software) to assume that if no serious flaws are discovered in a "reasonable" period of time, such flaws must not exist. Bad assumption, and this should serve as a useful lesson on that point. Vigilance and suspicion seem to be our very best friends.

October 28, 2011

For the person asking about the bug's age: I am not a Tor developer and have not looked into this, but I heard a friend in security talking about the TLS issue since late July/early August.

October 28, 2011

About your participation in the Silicon Valley Human Rights 2011 conference, I would like to hear what you said and what your opinion is on the event, and whether you subscribe to the conclusions. (I saw Karen Reilly there). A.P.

October 28, 2011

To the Question.......Hi, I live in China and I would like to know if I can use Tor as a proxy to go on websites like Facebook, Youtube, newspapers websites, etc...?......

REPLY: if you use TorBrowserBundle you cannot reach YouTube !!!!! That's because Firefox 7 does not use Flash and the likes. And if you get there you will see a captcha, and if you fill it in, that captcha will geoip your location. Be careful. Ask again. A.P.

October 28, 2011

if you guys are so paranoid about you being tracked on the internet, because you're all unique snowflakes that the government personally has an eye on, then maybe you should just stop using the internet. I mean if the government is so keen on tracking *you* they've probably got means of doing so that have nothing to do with finding out whether or not you laughed at some dude's twitter posts about his morning bowel movement.

Yes, we are all unique snowflakes that governments want to observe, log and archive, so that if, perchance, they did want to keep a closer eye on us, they would know where to look. TOR is about us snowflakes becoming an impenetrable blizzard.

The captcha is a normal image. When your browser requests a captcha image from a server the requesting IP address can be looked up in a geoip-location database.
For Tor users the requesting IP translates into the location of the exit node. The server, at YouTube for example, may decide to not transmit into that country.

October 29, 2011

"Turn on directory request statistics by default and include them in
extra-info descriptors."

Who (client or relays) sends what, when, and who receives that?

CAPTCHA is a test to decide whether you are a spambot that just floods the comment sections, forums and so on with spam or a genuine user. The test usually involves a picture with a text. Some CAPTCHA providers may not work very well with Tor. So far, only one from what I saw.

ok thank you for the explanations. I thought it could identify me, that's why I was surprised! I've also noticed that it can be annoying to connect to some websites.

October 29, 2011

tks.

October 30, 2011

What is the impact on Tor when a computer automatically changes time by jumping an hour to make the daylight saving adaptation?
All this while circuits are built and data is transferred over active circuits.
Does someone along the line learn that the Tor user is in a time zone with daylight saving time, maybe even the user's time zone?

Probably not. From what I think, Tor uses UTC time, which is essentially a constant time. It never jumps forward or backwards and is location-neutral. It's often used for coordinating international operations or networks. Most serious computer systems use it as internal timekeeping method.

October 30, 2011

Must I use the Aurora browser to use the new release? I have a problem with the bookmarks from Firefox 3.6 - import works fine, using them too... I can add new ones to my bookmarks - with folders - but I can't delete them... old or new... I must use the Manager tool to organize them! If I use the "Bookmarks Toolbar" it goes... strange...

I now use the old Firefox 3.6 with the new Vidalia Control Panel and the other files from the update archive - is this okay, or is the security bug somewhere still in there? I would like to use the new release - but not with the bookmark problem... can I use the old Firefox version with the updated bundle... that's my question, and what do I have to do if not... does someone else have the same problems with the old imported bookmarks? Any suggestions to fix this? Thanx...

I fail to see the need to use Aurora.
I'm running Tor as a relay and using it as a client too on openSuSE 11.4 x64 with FF 7.0.1 using either FoxyProxy or Torbutton to channel traffic through Tor - works just fine.

As long as you configure your plugins & Proxy-Settings the way they have to be, you shouldn't be bound to one specific Browser.

Yes, it's a BUNDLE. Why don't you use TorBrowserBundle on a USB stick or pendrive? It leaves no trace anywhere, not even on your computer. Try to surf simple. Bookmarks (hyperlinks) should be kept in something like Notepad++ or alike (not in Aurora) and managed in another window. There are a lot of solutions out there. Remember, be simple. A.P.

November 03, 2011

Using Tails 0.8.1 here. Tails has a bug tracker, but not a blog, per se. Since Tails directed me here to seek an explanation of the Tor upgrade urgency, and since this is not truly a "bug", I trust that it is also OK to post this inquiry here. The question is simple, not so certain the answer is the same. The official Tails download is distributed with a signature to verify its integrity. So, when I boot Tails, and Vidalia runs, and I then see an interposed web page warning me of a problem and directing me to a site with instructions to download a program to memory, then run that program, what serves to verify the integrity of that process? Not trying to be a smartass - I decided that the greater risk was to _not_ upgrade. But it also did occur to me that rogue web pages complaining of discovered security issues and directing users to legitimate-appearing sites harboring trojans, keyloggers and other assorted funware are hardly unheard of. This did cause me to have at least a slight level of concern, as did the fact that one is required to give the process root. I'm not a *nix expert by any means, but I did not see anything in the terminal script that ran that appeared to verify the legitimacy of the download, and all the protocols appeared to be vanilla http and ftp. Maybe 20 years of running Windows with eyes wide open has made me excessively paranoid, but I thought this was worth asking...

Well, I don't know the details of the pages you saw, but you are right to be concerned, especially with the "fetching from http and ftp sites" part.

Always check signatures on any Tor things you want to install. And if it's not clear whether there are signatures or how to check them, *that*'s the problem you should be working to solve. :)

November 06, 2011

In reply to arma

>And if it's not clear whether there are signatures or how to check them, *that*'s the problem you should be working to solve. :)

Understood, and here my lack of *nix geekiness gets in the way. The instructions that I was directed to were to run a series of "apt-get" (2) and "start" (1) commands in a root console window. Those commands appeared to access a standard Debian repository and request a scripted download and install sequence using those insecure protocols. So, yes, I am quite clueless about whether any integrity authentication of that process was available, and, if it was, how I would interrupt the process to use it...

November 05, 2011

Hi, I'm really a tad bit out of my bounds here.

I've used PeerGuardian and that's about all I know about this sort of thing.

I've tried to view the Tor download or the main forum page (unless this is it?)
but in Chrome it just says "invalid server certificate".

I've googled and googled.
How do I get around this?

November 08, 2011

I don't know if anyone else has noticed this, but I am unable to get to any .onion websites using TOR. I am fully able to get to regular websites using TOR, but not any .onion websites.

I am using TOR on Windows 8 Dev. Preview, so that could be part of the problem here.

Is anyone else having this issue? I mean, I cannot even get to Core Onion, the directory website.

November 10, 2011

I've heard the concern that the real reason Tor is now using pre-beta, barebone Aurora is to gather data on users (which of course defeats the purpose). Anyone care to reflect on that?

November 10, 2011

I'm using tor-browser-2.2.34-1 on Windows 7 64-bit and I can't seem to be able to start the Tor browser! Each time I run the program, 3 seconds after the start the laptop hangs and then shows the famous "blue screen" that says a critical error has occurred and dumping of physical memory... bla bla bla... and it keeps hanging there until I force a shutdown and start the laptop again!
Any idea how to solve this?