Executive Summary

TitleTor: Multiple vulnerabilities
NameGLSA-201201-12First vendor Publication2012-01-23
VendorGentooLast vendor Modification2012-01-23
Severity (Vendor) NormalRevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score7.6Attack RangeNetwork
Cvss Impact Score10Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores



Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.


Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.


Multiple vulnerabilities have been discovered in Tor:

* When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
* When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
* An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).


A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.


There is no known workaround at this time.


All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-"


[ 1 ] CVE-2011-2768 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2768
[ 2 ] CVE-2011-2769 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2769
[ 3 ] CVE-2011-2778 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2778


This GLSA and any updates to it are available for viewing at the Gentoo Security Website:


Original Source

Url : http://security.gentoo.org/glsa/glsa-201201-12.xml

CWE : Common Weakness Enumeration

33 %CWE-264Permissions, Privileges, and Access Controls
33 %CWE-200Information Exposure
33 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14939
Oval ID: oval:org.mitre.oval:def:14939
Title: DSA-2331-1 tor -- several
Description: It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue. In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues. Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-released-security-patches
Family: unix Class: patch
Reference(s): DSA-2331-1
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): tor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15174
Oval ID: oval:org.mitre.oval:def:15174
Title: DSA-2363-1 tor -- buffer overflow
Description: It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. In Tor's default configuration this issue can only be triggered by clients that can connect to Tor's socks port, which listens only on localhost by default. In non-default configurations where Tor's SocksPort listens not only on localhost or where Tor was configured to use another socks server for all of its outgoing connections, Tor is vulnerable to a larger set of malicious parties.
Family: unix Class: patch
Reference(s): DSA-2363-1
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): tor
Definition Synopsis:

CPE : Common Platform Enumeration


OpenVAS Exploits

2012-04-02Name : Fedora Update for tor FEDORA-2011-17248
File : nvt/gb_fedora_2011_17248_tor_fc16.nasl
2012-03-19Name : Fedora Update for tor FEDORA-2011-15208
File : nvt/gb_fedora_2011_15208_tor_fc16.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201201-12 (Tor)
File : nvt/glsa_201201_12.nasl
2012-02-11Name : Debian Security Advisory DSA 2331-1 (tor)
File : nvt/deb_2331_1.nasl
2012-02-11Name : Debian Security Advisory DSA 2363-1 (tor)
File : nvt/deb_2363_1.nasl
2011-11-08Name : Fedora Update for tor FEDORA-2011-15117
File : nvt/gb_fedora_2011_15117_tor_fc15.nasl

Open Source Vulnerability Database (OSVDB)

77947Tor or/buffers.c buf_pullup() Function Data Repacking Remote Overflow
76630Tor TLS Certificate Reuse Direct DirPort Connection User Identification Weakness
76629Tor TLS Certificate Reuse Outgoing OR Connection User Identification Weakness

Nessus® Vulnerability Scanner

2013-04-20Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2013-132.nasl - Type : ACT_GATHER_INFO
2012-01-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-12.nasl - Type : ACT_GATHER_INFO
2012-01-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2363.nasl - Type : ACT_GATHER_INFO
2012-01-11Name : The remote Fedora host is missing a security update.
File : fedora_2011-17248.nasl - Type : ACT_GATHER_INFO
2011-11-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-15208.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2011-15117.nasl - Type : ACT_GATHER_INFO
2011-10-31Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2331.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
2014-02-17 11:37:09
  • Multiple Updates