Executive Summary

Summary
TitleTor: Multiple vulnerabilities
Informations
NameGLSA-201201-12First vendor Publication2012-01-23
VendorGentooLast vendor Modification2012-01-23
Severity (Vendor) NormalRevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score7.6Attack RangeNetwork
Cvss Impact Score10Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.

Background

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Description

Multiple vulnerabilities have been discovered in Tor:

* When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
* When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
* An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

Impact

A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

Workaround

There is no known workaround at this time.

Resolution

All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35"

References

[ 1 ] CVE-2011-2768 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2768
[ 2 ] CVE-2011-2769 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2769
[ 3 ] CVE-2011-2778 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2778

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-12.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201201-12.xml

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-200Information Exposure
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14939
 
Oval ID: oval:org.mitre.oval:def:14939
Title: DSA-2331-1 tor -- several
Description: It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue. In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues. Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-released-security-patches
Family: unix Class: patch
Reference(s): DSA-2331-1
CVE-2011-2768
CVE-2011-2769
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): tor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15174
 
Oval ID: oval:org.mitre.oval:def:15174
Title: DSA-2363-1 tor -- buffer overflow
Description: It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. In Tor's default configuration this issue can only be triggered by clients that can connect to Tor's socks port, which listens only on localhost by default. In non-default configurations where Tor's SocksPort listens not only on localhost or where Tor was configured to use another socks server for all of its outgoing connections, Tor is vulnerable to a larger set of malicious parties.
Family: unix Class: patch
Reference(s): DSA-2363-1
CVE-2011-2778
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): tor
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application230

OpenVAS Exploits

DateDescription
2012-04-02Name : Fedora Update for tor FEDORA-2011-17248
File : nvt/gb_fedora_2011_17248_tor_fc16.nasl
2012-03-19Name : Fedora Update for tor FEDORA-2011-15208
File : nvt/gb_fedora_2011_15208_tor_fc16.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201201-12 (Tor)
File : nvt/glsa_201201_12.nasl
2012-02-11Name : Debian Security Advisory DSA 2331-1 (tor)
File : nvt/deb_2331_1.nasl
2012-02-11Name : Debian Security Advisory DSA 2363-1 (tor)
File : nvt/deb_2363_1.nasl
2011-11-08Name : Fedora Update for tor FEDORA-2011-15117
File : nvt/gb_fedora_2011_15117_tor_fc15.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
77947Tor or/buffers.c buf_pullup() Function Data Repacking Remote Overflow
76630Tor TLS Certificate Reuse Direct DirPort Connection User Identification Weakness
76629Tor TLS Certificate Reuse Outgoing OR Connection User Identification Weakness

Nessus® Vulnerability Scanner

DateDescription
2013-04-20Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2013-132.nasl - Type : ACT_GATHER_INFO
2012-01-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-12.nasl - Type : ACT_GATHER_INFO
2012-01-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2363.nasl - Type : ACT_GATHER_INFO
2012-01-11Name : The remote Fedora host is missing a security update.
File : fedora_2011-17248.nasl - Type : ACT_GATHER_INFO
2011-11-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-15208.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2011-15117.nasl - Type : ACT_GATHER_INFO
2011-10-31Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2331.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:37:09
  • Multiple Updates