Executive Summary

Summary
Title Tor: Multiple vulnerabilities
Informations
Name GLSA-201201-12 First vendor Publication 2012-01-23
Vendor Gentoo Last vendor Modification 2012-01-23
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.6 Attack Range Network
Cvss Impact Score 10 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.

Background

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Description

Multiple vulnerabilities have been discovered in Tor:

* When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
* When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
* An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

Impact

A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

Workaround

There is no known workaround at this time.

Resolution

All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35"

References

[ 1 ] CVE-2011-2768 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2768
[ 2 ] CVE-2011-2769 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2769
[ 3 ] CVE-2011-2778 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2778

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-12.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201201-12.xml

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-200 Information Exposure
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14939
 
Oval ID: oval:org.mitre.oval:def:14939
Title: DSA-2331-1 tor -- several
Description: It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue. In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues. Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-released-security-patches
Family: unix Class: patch
Reference(s): DSA-2331-1
CVE-2011-2768
CVE-2011-2769
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): tor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15174
 
Oval ID: oval:org.mitre.oval:def:15174
Title: DSA-2363-1 tor -- buffer overflow
Description: It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. In Tor's default configuration this issue can only be triggered by clients that can connect to Tor's socks port, which listens only on localhost by default. In non-default configurations where Tor's SocksPort listens not only on localhost or where Tor was configured to use another socks server for all of its outgoing connections, Tor is vulnerable to a larger set of malicious parties.
Family: unix Class: patch
Reference(s): DSA-2363-1
CVE-2011-2778
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): tor
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 257

OpenVAS Exploits

Date Description
2012-04-02 Name : Fedora Update for tor FEDORA-2011-17248
File : nvt/gb_fedora_2011_17248_tor_fc16.nasl
2012-03-19 Name : Fedora Update for tor FEDORA-2011-15208
File : nvt/gb_fedora_2011_15208_tor_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-12 (Tor)
File : nvt/glsa_201201_12.nasl
2012-02-11 Name : Debian Security Advisory DSA 2331-1 (tor)
File : nvt/deb_2331_1.nasl
2012-02-11 Name : Debian Security Advisory DSA 2363-1 (tor)
File : nvt/deb_2363_1.nasl
2011-11-08 Name : Fedora Update for tor FEDORA-2011-15117
File : nvt/gb_fedora_2011_15117_tor_fc15.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77947 Tor or/buffers.c buf_pullup() Function Data Repacking Remote Overflow
76630 Tor TLS Certificate Reuse Direct DirPort Connection User Identification Weakness
76629 Tor TLS Certificate Reuse Outgoing OR Connection User Identification Weakness

Nessus® Vulnerability Scanner

Date Description
2013-04-20 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2013-132.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-12.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2363.nasl - Type : ACT_GATHER_INFO
2012-01-11 Name : The remote Fedora host is missing a security update.
File : fedora_2011-17248.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15208.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15117.nasl - Type : ACT_GATHER_INFO
2011-10-31 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2331.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:37:09
  • Multiple Updates