SB2011011901 - Multiple vulnerabilities in tor.eff Tor

Security Bulletin ID SB2011011901

Severity

Medium

Patch available

YES

Number of vulnerabilities 8

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2011-4896)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.

2) Input validation error (CVE-ID: CVE-2011-0493)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.

3) Input validation error (CVE-ID: CVE-2011-0491)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."

4) Resource management error (CVE-ID: CVE-2011-0492)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.

5) Resource management error (CVE-ID: CVE-2011-0016)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.

6) Heap-based buffer overflow (CVE-ID: CVE-2011-0427)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha. A remote attacker can use unspecified vectors. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

7) Input validation error (CVE-ID: CVE-2011-0490)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.

8) Input validation error (CVE-ID: CVE-2011-0015)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

Remediation

Install update from vendor's website.

SB2011011901 - Multiple vulnerabilities in tor.eff Tor

Breakdown by Severity

Description

Remediation

References

Please verify you're human