Friday, 29 June 2012

Tor – Multiple Vulnerabilities

Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.

Multiple vulnerabilities have been discovered in Tor:

– When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
– When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
– An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

Impact:
A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user’s connection.

Vulnerable Versions:
< 0.2.2.35

Workaround:
There is no known workaround at this time.

Resolution:
All Tor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35"
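
To confirm whether a host is still on an affected release, the following added example (not part of the original advisory) classifies a `tor --version`-style line against the `< 0.2.2.35` threshold above. The function names and sample lines are constructed for illustration, and it assumes that a suffixed development build (such as `-alpha`) at or above the threshold should be reported as unknown, since the advisory names only 0.2.2.35 as fixed.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Tor version line against
# the advisory's "Vulnerable Versions: < 0.2.2.35".
FIXED="0.2.2.35"   # first unaffected version, taken from the advisory

# Print the dotted version found in a line such as "Tor version 0.2.2.34 (...)."
# Prints nothing when the line holds no version.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*[0-9]\).*/\1/p'
}

# Succeed (exit 0) when version $1 is numerically older than version $2.
# Components are compared as integers, so 0.2.10.x sorts after 0.2.2.x.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# Print "vulnerable", "ok" or "unknown" for one version line.
check_tor() {
    v=$(extract_version "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    if version_lt "$v" "$FIXED"; then echo vulnerable; return 0; fi
    case $1 in
        # Assumption: a tagged build (-alpha, -rc, ...) at or above the
        # threshold is not covered by the advisory, so do not call it ok.
        *"$v"-*) echo unknown ;;
        *)       echo ok ;;
    esac
}

# Constructed sample lines in the style of `tor --version` output.
for line in "Tor version 0.2.2.34 (git-0000000000000000)." \
            "Tor version 0.2.2.35." \
            "Tor version 0.2.3.5-alpha." \
            "no version here"; do
    printf '%-46s %s\n' "$line" "$(check_tor "$line")"
done
```

On a live host, pass the first line of `tor --version` to `check_tor`.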

References:
– CVE-2011-2768
– CVE-2011-2769
– CVE-2011-2778


Filed in Exploits, Hacking Tools, Security Tools, Vulnerabilities | Prasanna Sherekar

