[SA20277] Tor Weakness and Multiple Vulnerabilities
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > WebserverTalk Community > Anonymous Servers > [SA20277] Tor Weakness and Multiple Vulnerabilities




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    [SA20277] Tor Weakness and Multiple Vulnerabilities  
Nomen Nescio


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
05-29-06 10:02 PM

TITLE:
Tor Weakness and Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA20277

VERIFY ADVISORY:
http://secunia.com/advisories/20277/

CRITICAL:
Moderately critical

IMPACT:


WHERE:
From remote

SOFTWARE:
Tor 0.1.0.x
http://secunia.com/product/5269/

DESCRIPTION:
Some vulnerabilities and a weakness have been reported in Tor, which
can be exploited by malicious people to spoof log entries, disclose
certain sensitive information, and cause a DoS (Denial of Service).

1) Input strings received from the network isn't properly sanitised
before being displayed. This can potentially be exploited to spoof
log entries via certain non-printable characters.

2) An unspecified error in the directory server can be exploited to
cause a DoS.

3) Some integer overflow errors exists when adding elements to
smartlists. This can potentially be exploited to cause a buffer
overflow via malicious large inputs.

4) An error in which internal circuits are picked based on the
circuits having useful exit nodes, can potentially reveal certain
information via statistical attacks.

The vulnerabilities and weakness have been reported in versions prior
to 0.1.1.20.

Note: Several other issues, which may be security related, have also
been fixed.

SOLUTION:
Update to version 0.1.1.20.
http://tor.eff.org/download.html

PROVIDED AND/OR DISCOVERED BY:
1-3) Reported by vendor.
4) Lasse Overlier

ORIGINAL ADVISORY:
http://tor.eff.org/cvs/tor/ChangeLog


--
Regards
BugHunter




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 10:46 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register