URGENT: Windows Bitcoin-Qt update

[Gavin Andresen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A potential security vulnerability has been discovered in the Windows
version of Bitcoin-Qt. If you are running Bitcoin-Qt versions 0.5
through 0.6 on Windows you should shut it down and upgrade to either
version 0.5.3.1 or 0.6rc4 NOW.

The command-line bitcoin daemon (bitcoind), Mac and Linux versions of
Bitcoin-Qt, and versions prior to 0.5 are not affected.

Due to the nature of the vulnerability, we believe it would be very
difficult for an attacker to do anything more than crash the
Bitcoin-Qt process. However, because there is a possibility of such a
crash causing remote code execution we consider this a critical issue.

Binaries are available at SourceForge:
https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.0/test/
https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.5.3/

If you have questions, feel free to drop by the #bitcoin-dev channel
on FreeNode IRC.

- --
Gavin Andresen
Gregory Maxwell
Matt Corallo
Nils Schneider
Wladimir J. van der Laan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9j12IACgkQdYgkL74406iIyQCfbxFTO3yD4Q2bHDjPlDuJn3Mj
9GAAn3mV+ggo+5q1Ujd0A5zwpFYojkE2
=g1Ad
-----END PGP SIGNATURE-----

[1695974448]

1695974448

[1695974448]

1695974448

[1695974448]

1695974448

[mcorlett]

Can we get more information on the nature of the vulnerability itself, please?

[Fiyasko]

when was this discovered?!

[kentrolla]

thats nuts.......        can this effect any other processes?

[Retired]

I assume you are not publishing more detailed information on purpose, right? And, as JackRabiit asked, when was this discovered?

[Clipse]

bitcoin.org lists the 0.5.3.1 update posted for 16 April 2012, perhaps correct that.

[apetersson]

about 3 days ago i was commenting on the language choice.
from a software architecture standpoint other languages than c++ would make more sense in such a sensitive area.

i am not suggesting that it should be rewritten. but i think it is very important that alternative implementations like BitcoinJ, multibit, armory, electrum exist.

[ThiagoCMC]

about 3 days ago i was commenting on the language choice.
from a software architecture standpoint other languages than c++ would make more sense in such a sensitive area.

i am not suggesting that it should be rewritten. but i think it is very important that alternative implementations like BitcoinJ, multibit, armory, electrum exist.

The most important re-implementation of Satoshi's oroginal code, from my point of view, is Libcoin from Michael Grønager.

[mcorlett]

Can we get more information on the nature of the vulnerability itself, please?

You can check out Github.

Did you check before posting? There is no relevant commit to the main branch.

[Luke-Jr]

The most important re-implementation of Satoshi's oroginal code, from my point of view, is Libcoin from Michael Grønager.

Libcoin is not a reimplementation, it is just the Satoshi client made into a library. Perhaps you meant Amir's libbitcoin?

[cypherdoc]

are the backups in 0.6.0 for windows encrypted?

[Luke-Jr]

are the backups in 0.6.0 for windows encrypted?

No

[cypherdoc]

are the backups in 0.6.0 for windows encrypted?

No

why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.

[wumpus]

why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.

yes, it's simply a copy

[Luke-Jr]

are the backups in 0.6.0 for windows encrypted?

No

why wouldn't it be?  if you encrypt your working wallet, then run a backup, it should be encrypted as well i would think.

Encrypted wallets aren't really encrypted entirely. Only your private keys are. There's still a lot of sensitive data in there you probably don't want public.

[grue]

so all the 0.4.* versions are still safe, right?

[Luke-Jr]

so all the 0.4.* versions are still safe, right?

For this specific bug, yes. But wxBitcoin (the GUI in 0.4.x) is not maintained or supported at all, so it likely has other unfixed vulnerabilities.

[da2ce7]

If the installer ain't working for you... Make sure you select 'Run As Administrator'.

Users whom wisely don't run as a super user, will get the error 'cannot access file.'  Instead of a prompt for an escalation of privileges.

[gmaxwell]

With respect to detailed questions about the issue, we're currently being somewhat vague— simply because it's helpful to give innocent users as much of a head-start on trouble makers as possible.  

At the current time we don't know that the issue is exploitable. The class of issue and the overall paranoid design of the reference client make it hard to tell for sure. It is probably hard to exploit if it is exploitable at all.  Because of the potential seriousness the issue has been dealt with promptly and as if it were exploitable. (I'm not answering the specific timing questions because they may identify the issue too clearly).

If the issue turns out to be practically exploitable we'd much rather learn of it as a purely academic fact— academic because almost all impacted users had already applied fixes—  a few weeks from now, than learn about that in the form of hundreds of wallets being stolen through an exploit in the next few days.

I always encourage people to review the git history, but if you spot the fix for this issue— please don't point it out yet (and I will remove posts that do), if you like you can contact me privately and I'll gladly tell everyone how smart you were later. —  Reviewing the commits is generally good advice it's always good to have more eyes on the code, and even if you don't satisfy your curiosity with respect to this issue you may learn something else useful.

[hongus]

So if I have 0.5.3.1-beta I'm safe?