Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2013:132 | First vendor Publication | 2013-04-10 |
Vendor | Mandriva | Last vendor Modification | 2013-04-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5.8 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Updated tor package fixes security vulnerabilities:
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected (CVE-2011-2768).
Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values (CVE-2011-2769).
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests (CVE-2012-3517).
The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document (CVE-2012-3518).
routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack (CVE-2012-3519).
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison (CVE-2012-4419).
Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed it to add bytes to the input buffer, allowing a crash to be caused remotely (tor-5934, tor-6007).
A denial-of-service vulnerability in Tor before 0.2.3.25 is due to an error when handling SENDME cells and can be exploited to cause excessive consumption of memory resources within an entry node (SA51329, CVE-2012-5573).
The version of Tor shipped in MBS1 did not have a correctly formed systemd unit and thus failed to start. This updated version corrects this problem and restores working behaviour.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:132 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-200 | Information Exposure |
17 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14939 | |||
Oval ID: | oval:org.mitre.oval:def:14939 | ||
Title: | DSA-2331-1 tor -- several | ||
Description: | It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue. In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues. Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-released-security-patches | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2331-1 CVE-2011-2768 CVE-2011-2769 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tor |
Definition Id: oval:org.mitre.oval:def:17634 | |||
Oval ID: | oval:org.mitre.oval:def:17634 | ||
Title: | DSA-2548-1 tor - several | ||
Description: | Several vulnerabilities have been discovered in Tor, an online privacy tool. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2548-1 CVE-2012-3518 CVE-2012-3519 CVE-2012-4419 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tor |
OpenVAS Exploits
Date | Description |
---|---|
2012-09-15 | Name : Debian Security Advisory DSA 2548-1 (tor) File : nvt/deb_2548_1.nasl |
2012-04-02 | Name : Fedora Update for tor FEDORA-2011-17248 File : nvt/gb_fedora_2011_17248_tor_fc16.nasl |
2012-03-19 | Name : Fedora Update for tor FEDORA-2011-15208 File : nvt/gb_fedora_2011_15208_tor_fc16.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-12 (Tor) File : nvt/glsa_201201_12.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2331-1 (tor) File : nvt/deb_2331_1.nasl |
2011-11-08 | Name : Fedora Update for tor FEDORA-2011-15117 File : nvt/gb_fedora_2011_15117_tor_fc15.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76630 | Tor TLS Certificate Reuse Direct DirPort Connection User Identification Weakness |
76629 | Tor TLS Certificate Reuse Outgoing OR Connection User Identification Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-541.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-660.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-835.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2013-132.nasl - Type : ACT_GATHER_INFO |
2013-03-25 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3773.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3434.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-14650.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-03.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2012-14638.nasl - Type : ACT_GATHER_INFO |
2012-09-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2548.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-12.nasl - Type : ACT_GATHER_INFO |
2012-01-11 | Name : The remote Fedora host is missing a security update. File : fedora_2011-17248.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15208.nasl - Type : ACT_GATHER_INFO |
2011-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15117.nasl - Type : ACT_GATHER_INFO |
2011-10-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2331.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:43:43 | |
2013-04-10 21:18:28 | |