Tor Vulnerable to Remote arbitrary code Execution

Posted: January 24, 2012 in Vulnerabilities

Tor+Vulnerable+to+Remote+arbitrary+code+Execution

According to latest post of Gentoo Linux Security Advisory, There are multiple vulnerabilities have been found in TOR, the most severe ofwhich may allow a remote attacker to execute arbitrary code. TOR is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.Using this Vulnerability remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user’s connection.

Advisory explain that , Affected Vulnerable packages are < 0.2.2.35 . Multiple vulnerabilities have been discovered in Tor are listed below:
* When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
* When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).All Tor users should upgrade to the latest version.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s