|
 |
|
Tor Weakness and Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA20277
|
|
|
Release Date:
|
2006-05-25
|
|
Last Update:
|
2006-07-11
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Spoofing
Exposure of sensitive information
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Tor 0.1.0.x
|
| | CVE reference: | CVE-2006-3407 (Secunia mirror)
CVE-2006-3408 (Secunia mirror)
CVE-2006-3409 (Secunia mirror)
CVE-2006-3410 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities and a weakness have been reported in Tor, which can be exploited by malicious people to spoof log entries, disclose certain sensitive information, and cause a DoS (Denial of Service).
1) Input strings received from the network isn't properly sanitised before being displayed. This can potentially be exploited to spoof log entries via certain non-printable characters.
2) An unspecified error in the directory server can be exploited to cause a DoS.
3) Some integer overflow errors exists when adding elements to smartlists. This can potentially be exploited to cause a buffer overflow via malicious large inputs.
4) An error in which internal circuits are picked based on the circuits having useful exit nodes, can potentially reveal certain information via statistical attacks.
The vulnerabilities and weakness have been reported in versions prior to 0.1.1.20.
Note: Several other issues, which may be security related, have also been fixed.
Solution:
Update to version 0.1.1.20.
http://tor.eff.org/download.html
Provided and/or discovered by:
1-3) Reported by vendor.
4) Lasse Overlier
Changelog:
2006-06-08: Updated advisory.
2006-07-11: Added CVE references.
Original Advisory:
http://tor.eff.org/cvs/tor/ChangeLog
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
6 Related Secunia Security Advisories
|
|
|
1. Tor Multiple Weaknesses and Vulnerability
|
|
2. Tor Circuit Generation Entry Guard Check Weakness
|
|
3. Tor Denial of Service and Traffic Routing
|
|
4. Tor Hidden Service Disclosure Weakness
|
|
5. Tor Cryptographic Handshake Vulnerability
|
|
6. Tor Disclosure of Sensitive Information
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
