Executive Summary

Summary
TitleTor: Multiple vulnerabilities
Informations
NameGLSA-201201-12First vendor Publication2012-01-23
VendorGentooLast vendor Modification2012-01-23
Severity (Vendor) NormalRevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score7.6Attack RangeNetwork
Cvss Impact Score10Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.

Background

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Description

Multiple vulnerabilities have been discovered in Tor:

* When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
* When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
* An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

Impact

A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

Workaround

There is no known workaround at this time.

Resolution

All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35"

References

[ 1 ] CVE-2011-2768 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2768
[ 2 ] CVE-2011-2769 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2769
[ 3 ] CVE-2011-2778 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2778

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-12.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201201-12.xml

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-200Information Exposure
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application230

OpenVAS Exploits

DateDescription
2012-04-02Name : Fedora Update for tor FEDORA-2011-17248
File : nvt/gb_fedora_2011_17248_tor_fc16.nasl
2012-03-19Name : Fedora Update for tor FEDORA-2011-15208
File : nvt/gb_fedora_2011_15208_tor_fc16.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201201-12 (Tor)
File : nvt/glsa_201201_12.nasl
2012-02-11Name : Debian Security Advisory DSA 2331-1 (tor)
File : nvt/deb_2331_1.nasl
2012-02-11Name : Debian Security Advisory DSA 2363-1 (tor)
File : nvt/deb_2363_1.nasl
2011-11-08Name : Fedora Update for tor FEDORA-2011-15117
File : nvt/gb_fedora_2011_15117_tor_fc15.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
77947Tor or/buffers.c buf_pullup() Function Data Repacking Remote Overflow
76630Tor TLS Certificate Reuse Direct DirPort Connection User Identification Weakness
76629Tor TLS Certificate Reuse Outgoing OR Connection User Identification Weakness

Nessus® Vulnerability Scanner

DateDescription
2013-04-20Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2013-132.nasl - Type : ACT_GATHER_INFO
2012-01-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-12.nasl - Type : ACT_GATHER_INFO
2012-01-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2363.nasl - Type : ACT_GATHER_INFO
2012-01-11Name : The remote Fedora host is missing a security update.
File : fedora_2011-17248.nasl - Type : ACT_GATHER_INFO
2011-11-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-15208.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2011-15117.nasl - Type : ACT_GATHER_INFO
2011-10-31Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2331.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:37:09
  • Multiple Updates