SB2011122304 - Multiple vulnerabilities in tor.eff Tor
Published: December 23, 2011 Updated: August 11, 2020
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2011-4894)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections.
2) Information disclosure (CVE-ID: CVE-2011-4895)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-2768)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.
4) Information disclosure (CVE-ID: CVE-2011-2769)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values.
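The following is an added illustration of the cell handling described in item 4, showing the affected behaviour beside a hardened check; it is not Tor's source code. The struct, function names and sample cell are hypothetical, and the command numbers and 512-byte cell layout are taken from the Tor protocol specification rather than from this bulletin.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Command values and fixed-length cell layout (2-byte circuit ID, 1-byte
 * Command field, 509-byte payload) per the Tor protocol specification. */
#define CELL_CREATE      1
#define CELL_RELAY       3
#define CELL_CREATE_FAST 5
#define CELL_LEN         512

/* Hypothetical connection state for this sketch; not Tor's own struct. */
struct or_conn { int initiated_by_us; /* 1 if this node opened the OR connection */ };

enum verdict { CELL_MALFORMED = -1, CELL_REJECT = 0, CELL_ACCEPT = 1 };

/* Build a constructed sample cell with circuit ID 7 and the given command. */
void make_cell(uint8_t *buf, uint8_t cmd) {
    memset(buf, 0, CELL_LEN);
    buf[1] = 7;
    buf[2] = cmd;
}

/* Return the Command field, or -1 if the buffer is not exactly one cell. */
static int cell_command(const uint8_t *cell, size_t len) {
    return (cell == NULL || len != CELL_LEN) ? -1 : cell[2];
}

/* Affected behaviour: the direction of the connection is never consulted. */
enum verdict filter_cell_affected(const struct or_conn *c, const uint8_t *cell, size_t len) {
    (void)c;
    return cell_command(cell, len) < 0 ? CELL_MALFORMED : CELL_ACCEPT;
}

/* Hardened check: refuse circuit-creation cells on connections we initiated. */
enum verdict filter_cell_hardened(const struct or_conn *c, const uint8_t *cell, size_t len) {
    int cmd = cell_command(cell, len);
    if (cmd < 0) return CELL_MALFORMED;
    if (c->initiated_by_us && (cmd == CELL_CREATE || cmd == CELL_CREATE_FAST))
        return CELL_REJECT;
    return CELL_ACCEPT;
}

int main(void) {
    uint8_t cell[CELL_LEN];
    struct or_conn outbound = { 1 };
    make_cell(cell, CELL_CREATE_FAST);
    printf("affected=%d hardened=%d\n", filter_cell_affected(&outbound, cell, sizeof cell),
           filter_cell_hardened(&outbound, cell, sizeof cell));
    return 0;
}
```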
Remediation
Install the update from the vendor's website.