SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Tor Vendors:   tor.eff.org
Tor Flaws Let Remote Users Execute Arbitrary Code or Deny Service and Let Local Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1024980
SecurityTracker URL:  http://securitytracker.com/id/1024980
CVE Reference:   CVE-2011-0427   (Links to External Site)
Date:  Jan 19 2011
Impact:   Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.2.1.29
Description:   Several vulnerabilities were reported in Tor. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A local user can obtain potentially sensitive information.

A remote user can send specially crafted data to trigger a heap overflow and execute arbitrary code on the target system.

A remote user can send specially crafted z-lib compressed data to cause denial of service conditions. 'doorss' reported this vulnerability.

A local user with certain privileges can access potentially sensitive information from memory. 'cypherpunks' reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

A local user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (0.2.1.29).

The vendor's advisory is available at:

http://blog.torproject.org/blog/tor-02129-released-security-patches

Vendor URL:  tor.eff.org/ (Links to External Site)
Cause:   Boundary error, Not specified
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Date:  Wed, 19 Jan 2011 04:16:03 +0000
Subject:  Tor


http://blog.torproject.org/blog/tor-02129-released-security-patches

Major bugfixes (security):

    * Fix a heap overflow bug where an adversary could cause heap
      corruption. This bug probably allows remote code execution
      attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
      0.1.2.10-rc.
    * Prevent a denial-of-service attack by disallowing any
      zlib-compressed data whose compression factor is implausibly
      high. Fixes part of bug 2324; reported by "doorss".
    * Zero out a few more keys in memory before freeing them. Fixes
      bug 2384 and part of bug 2385. These key instances found by
      "cypherpunks", based on Andrew Case's report about being able
      to find sensitive data in Tor's memory space if you have enough
      permissions. Bugfix on 0.0.2pre9.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC