Executive Summary
Summary | |
---|---|
Title | Tor: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201110-13 | First vendor Publication | 2011-10-18 |
Vendor | Gentoo | Last vendor Modification | 2011-10-18 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Background Description Impact Workaround Resolution NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 2, 2011. It is likely that your system is already no longer affected by this issue. References Availability http://security.gentoo.org/glsa/glsa-201110-13.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201110-13.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-399 | Resource Management Errors |
29 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
29 % | CWE-20 | Improper Input Validation |
14 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12522 | |||
Oval ID: | oval:org.mitre.oval:def:12522 | ||
Title: | DSA-2148-1 tor -- several | ||
Description: | The developers of Tor, an anonymizing overlay network for TCP, found three security issues during a security audit. A heap overflow allowed the execution of arbitrary code, a denial of service vulnerability was found in the zlib compression handling and some key memory was incorrectly zeroed out before being freed. The latter two issues do not yet have CVE identifiers assigned | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2148-1 CVE-2011-0427 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | tor |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-13 (Tor) File : nvt/glsa_201110_13.nasl |
2011-06-20 | Name : Tor Directory Authority 'policy_summarize' Denial of Service Vulnerability (W... File : nvt/gb_tor_policy_summarize_dos_win.nasl |
2011-06-10 | Name : Fedora Update for tor FEDORA-2011-0650 File : nvt/gb_fedora_2011_0650_tor_fc13.nasl |
2011-06-10 | Name : Fedora Update for tor FEDORA-2011-7972 File : nvt/gb_fedora_2011_7972_tor_fc14.nasl |
2011-05-17 | Name : Fedora Update for tor FEDORA-2011-0642 File : nvt/gb_fedora_2011_0642_tor_fc14.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2148-1 (tor) File : nvt/deb_2148_1.nasl |
2011-01-24 | Name : FreeBSD Ports: tor File : nvt/freebsd_tor5.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73036 | Tor or/policies.c policy_summarize() Function Directory Authority Remote Over... |
70529 | Tor Malformed Router Cache Integer Value Handling Remote DoS Tor contains a flaw that may allow a remote denial of service. The issue is triggered when an error related to malformed router caches and the improper handling of integer values occurs, allowing a remote attacker to cause a denial of service. |
70528 | Tor cached-descriptors.new Blob File Size Remote DoS Tor contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker uses a combination of cached blobs such that an unspecified file becomes exactly SIZE_T_CEILING bytes, resulting in a denial of service. |
70527 | Tor tor_realloc Function Memory Allocation Size Value Underflow Remote DoS Tor's 'tor_realloc' function fails to properly check for SIZE_T_MAX, resulting in an underflow error. This may allow a remote attacker to cause a denial of service. |
70526 | Tor Libevent Log Handler Message Remote DoS Tor contains a flaw that may allow a remote denial of service. The issue is triggered when the program makes calls to Libevent within Libevent log handlers, allowing a remote attacker to cause a daemon crash denial of service. |
70525 | Tor Unspecified Remote Overflow DoS Tor is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. This may allow a remote attacker to cause a denial of service, or possibly execute arbitrary code. |
70524 | Tor Key Data Management Local Memory Disclosure Tor contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when the program fails to properly manage key data in memory, which will disclose sensitive key information to a local attacker who reads memory that was previously used by a different process. |
70522 | Tor zlib Compression Factor Handling Remote DoS Tor contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly check the amount of compression in zlib-compressed data, allowing a remote attacker to use crafted compressed data to cause a denial of service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-13.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0650.nasl - Type : ACT_GATHER_INFO |
2011-06-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7972.nasl - Type : ACT_GATHER_INFO |
2011-05-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0642.nasl - Type : ACT_GATHER_INFO |
2011-01-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2148.nasl - Type : ACT_GATHER_INFO |
2011-01-18 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_38bdf10e229311e0bfa4001676740879.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:02 |
|