[Announcement] Tinc version 1.0.35 and 1.1pre17 released

Guus Sliepen guus at tinc-vpn.org
Mon Oct 8 16:08:11 CEST 2018


Because of security vulnerabilities in tinc that have recently been
discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of
the changes in tinc 1.0.35:

 * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
 * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).

Here is a summary of the changes in tinc 1.1pre17:

 * Prevent oracle attacks in the legacy protocol (CVE-2018-16737,
   CVE-2018-16738).
 * AutoConnect is now enabled by default.
 * Per-node network traffic statistics are now shown in the output of
   "info" and "dump nodes" commands.

Thanks to Michael Yonli for auditing tinc and reporting the
vulnerabilities. Thanks to volth and Rafael Sadowski for their
contributions to version 1.1pre17 of tinc.

Michael Yonli discovered two security flaws. The first is an issue with
the implementation of the authentication protocol used in tinc 1.0,
which allows a remote attacker to establish an authenticated connection
with a node in the VPN, and send messages one-way. In tinc 1.0.29 and
earlier, this is unfortunately trivial to exploit. In tinc 1.0.30 to
1.0.34, the mitigations implemented for the Sweet32 attack also make
this attack much harder, but in principle still possible. This is fixed
in tinc 1.0.35.

The second issue allows a man-in-the-middle that has intercepted the TCP
connection between two nodes to potentially force one of the nodes to
start sending unencrypted UDP packets. This is also fixed in tinc
1.0.35.

The new protocol used in tinc 1.1 is not affected by these
vulnerabilities. However, since it is backwards compatible with tinc
1.0, it uses the legacy protocol when communicating with tinc 1.0 nodes.
Tinc 1.1pre17 fixes the first issue, and it wasn't vulnerable to the
second issue to begin with.
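As an added illustration (not part of the announcement or of tinc itself), the following Python helper turns the version ranges stated above into an inventory check: it parses the "tinc version X.Y.Z" / "1.1preN" formats, classifies each node against both issues, and flags which nodes still need the upgrade. The node names and version strings are constructed sample data, and the "tinc version ..." prefix is assumed to match what `tincd --version` prints.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Version boundaries exactly as given in the announcement.
TRIVIAL_MAX = (1, 0, 29)   # 1.0.29 and earlier: trivially exploitable
FIXED_10 = (1, 0, 35)      # first 1.0 release with both fixes
FIXED_11PRE = 17           # first 1.1 pre-release with the legacy-protocol fix

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:pre(\d+))?\b")


@dataclass(frozen=True)
class TincVersion:
    major: int
    minor: int
    patch: int
    pre: Optional[int]  # 17 for "1.1pre17", None for a final release


def parse_version(text: str) -> TincVersion:
    """Extract a version from e.g. 'tinc version 1.0.35 (...)' or '1.1pre17'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no tinc version found in {text!r}")
    major, minor, patch, pre = m.groups()
    return TincVersion(int(major), int(minor), int(patch or 0), int(pre) if pre else None)


def assess(text: str) -> Dict[str, str]:
    """Map a version string to the status of each issue named in the advisory."""
    v = parse_version(text)
    if v.pre is not None and (v.major, v.minor) == (1, 1):
        # 1.1 pre-releases only expose the auth issue via the legacy protocol.
        auth = "fixed" if v.pre >= FIXED_11PRE else "vulnerable (legacy protocol with 1.0 peers)"
        return {"auth_oracle": auth, "null_cipher": "not affected"}
    key = (v.major, v.minor, v.patch)
    if key >= FIXED_10:
        return {"auth_oracle": "fixed", "null_cipher": "fixed"}
    if key <= TRIVIAL_MAX:
        auth = "vulnerable (trivial)"
    else:
        auth = "vulnerable (harder due to Sweet32 mitigations)"
    return {"auth_oracle": auth, "null_cipher": "vulnerable"}


def needs_upgrade(text: str) -> bool:
    """True if either issue is still open for this version."""
    return any(s.startswith("vulnerable") for s in assess(text).values())


if __name__ == "__main__":
    # Constructed sample inventory; node names and versions are not real hosts.
    SAMPLE_NODES = {"gw-1": "tinc version 1.0.28", "gw-2": "tinc version 1.0.33",
                    "gw-3": "tinc version 1.0.35", "lab-1": "tinc version 1.1pre16"}
    for name, banner in SAMPLE_NODES.items():
        print(name, assess(banner), "UPGRADE" if needs_upgrade(banner) else "ok")
```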

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>