TITLE:
Tor Weakness and Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA20277

VERIFY ADVISORY:
http://secunia.com/advisories/20277/

CRITICAL:
Moderately critical

IMPACT:


WHERE:
From remote

SOFTWARE:
Tor 0.1.0.x
http://secunia.com/product/5269/

DESCRIPTION:
Some vulnerabilities and a weakness have been reported in Tor, which
can be exploited by malicious people to spoof log entries, disclose
certain sensitive information, and cause a DoS (Denial of Service).

1) Input strings received from the network isn't properly sanitised
before being displayed. This can potentially be exploited to spoof
log entries via certain non-printable characters.

2) An unspecified error in the directory server can be exploited to
cause a DoS.

3) Some integer overflow errors exists when adding elements to
smartlists. This can potentially be exploited to cause a buffer
overflow via malicious large inputs.

4) An error in which internal circuits are picked based on the
circuits having useful exit nodes, can potentially reveal certain
information via statistical attacks.

The vulnerabilities and weakness have been reported in versions prior
to 0.1.1.20.

Note: Several other issues, which may be security related, have also
been fixed.

SOLUTION:
Update to version 0.1.1.20.
http://tor.eff.org/download.html

PROVIDED AND/OR DISCOVERED BY:
1-3) Reported by vendor.
4) Lasse Overlier

ORIGINAL ADVISORY:
http://tor.eff.org/cvs/tor/ChangeLog


--
Regards
BugHunter

[ Post a follow-up to this message ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

["Followup-To:" header set to alt.privacy.anon-server.]
On Thu, 25 May 2006 19:58:30 +0200 (CEST), George Orwell wrote in
Message-Id: < c31167e56a6bb90ee43af16cb9a0c3d1@mixmast
er.it>:

> PROVIDED AND/OR DISCOVERED BY:
> 1-3) Reported by vendor.
> 4) Lasse Overlier

The 0.1.0.x branch of Tor is now considered legacy.  0.1.1.20 is the
first stable release of the 0.1.1.x branch and users are encouraged to
upgrade to it.  A list of security fixes and enhancements can be found
at http://archives.seul.org/or/announc.../msg00000.html.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iQEVAwUBRHYOG2oLu9HNUqmMAQqvJAf/SaGzGKbL7oewsSIcpPQzw5dth88zxQPT
 dVOcroWKgvwfQ7tUSPbpqyHozt3cS4A3XPV3WPcq
KktEKwBY5M9MNI63zlNjHKLL
 ZnesGWCV2GPPjzbqqPtBDu8KpGyHPfoHAMeKuCNw
6ngyZfKOcWzYZbb4o9LCNGvi
 WcYQ8TXv+TyvfojJeGbUdG6GYaW6mwU4gzo1qycH
4sE0QY3sbAJZQo4RbDTzOYN9
DStoOpmbVoQvWEj1lB9aQJrs/L3nN2zuIvCSlM0Hy79StGkXYJfhaHKqXaZVHNCY
 BS72nB7zzohmR99LeIL4fHtRmTl8vYv1ZUkrMdas
7Ym5HYfJPm3ShA==
=ZRor
-----END PGP SIGNATURE-----

--
pub  1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE  EBB4 94A6 7A09 8ED5 7743
uid                            Admin <admin.bananasplit.info>

[ Post a follow-up to this message ]