TITLE:
Tor Weakness and Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA20277
VERIFY ADVISORY:
http://secunia.com/advisories/20277/
CRITICAL:
Moderately critical
IMPACT:
WHERE:
>From remote
SOFTWARE:
Tor 0.1.0.x
http://secunia.com/product/5269/
DESCRIPTION:
Some vulnerabilities and a weakness have been reported in Tor, which
can be exploited by malicious people to spoof log entries, disclose
certain sensitive information, and cause a DoS (Denial of Service).
1) Input strings received from the network isn't properly sanitised
before being displayed. This can potentially be exploited to spoof
log entries via certain non-printable characters.
2) An unspecified error in the directory server can be exploited to
cause a DoS.
3) Some integer overflow errors exists when adding elements to
smartlists. This can potentially be exploited to cause a buffer
overflow via malicious large inputs.
4) An error in which internal circuits are picked based on the
circuits having useful exit nodes, can potentially reveal certain
information via statistical attacks.
The vulnerabilities and weakness have been reported in versions prior
to 0.1.1.20.
Note: Several other issues, which may be security related, have also
been fixed.
SOLUTION:
Update to version 0.1.1.20.
http://tor.eff.org/download.html
PROVIDED AND/OR DISCOVERED BY:
1-3) Reported by vendor.
4) Lasse Overlier
ORIGINAL ADVISORY:
http://tor.eff.org/cvs/tor/ChangeLog
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.