tor: compromised anonymity

Package(s): tor
CVE #(s): CVE-2007-3165 CVE-2007-4174
Created: August 20, 2007
Updated: August 22, 2007
Description: Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. (CVE-2007-3165)

An unspecified vulnerability in Tor before 0.1.2.16, when ControlPort is enabled, might allow remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact, related to improper handling of multiple ControlPort authentication attempts. (CVE-2007-4174)

Alerts:
Fedora FEDORA-2007-1674 2007-08-19

tor: compromised anonymity

Posted Sep 1, 2007 18:59 UTC (Sat) by scarabaeus (subscriber, #7142)

Further information WRT the security fix in tor 0.1.2.16 has now been posted: Announcement
In short: tor's control port 9051 is restricted to access from localhost for security reasons. The protocol on that port is not HTTP. Nevertheless, the localhost-only access restriction could be circumvented by an attacker who made the user's web browser perform a POST request to that port, because tor would throw away invalid commands (i.e. the HTTP headers) until it came to one that was valid (POST payload).
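
The parsing behaviour described in the comment above, as an added example that is not part of the original comment and is not Tor's code: a simplified line-based control handler run over a constructed browser POST, once skipping unrecognized lines and once closing on the first one. The command set, the `handle` function, the strict policy and the assumption that `AUTHENTICATE` succeeds without a credential are all illustrative.

```python
# Simplified model of a localhost-only, line-based control protocol.
# Assumption: AUTHENTICATE succeeds with no credential (no password configured).
KNOWN = {"AUTHENTICATE", "GETINFO", "QUIT"}

# Constructed sample: what a browser sends for a form POST to 127.0.0.1:9051
# when the request body happens to contain control-protocol lines.
BROWSER_POST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: 127.0.0.1:9051\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 31\r\n"
    b"\r\n"
    b"AUTHENTICATE\r\n"
    b"GETINFO version\r\n"
)

# Constructed sample: a well-behaved controller speaking the protocol directly.
CLIENT = b"AUTHENTICATE\r\nGETINFO version\r\nQUIT\r\n"


def handle(stream, strict):
    """Return the list of commands the server would act on for this stream."""
    executed = []
    authenticated = False
    for raw in stream.split(b"\r\n"):
        line = raw.decode("ascii", "replace").strip()
        if not line:
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb not in KNOWN or (verb != "AUTHENTICATE" and not authenticated):
            if strict:
                break      # hardened: first bad line ends the connection
            continue       # lenient: discard the line and keep reading
        if verb == "QUIT":
            break
        if verb == "AUTHENTICATE":
            authenticated = True
        executed.append(line)
    return executed


if __name__ == "__main__":
    print("lenient, browser POST:", handle(BROWSER_POST, strict=False))
    print("strict,  browser POST:", handle(BROWSER_POST, strict=True))
    print("strict,  real client: ", handle(CLIENT, strict=True))
```

The lenient handler treats the HTTP request line and headers as noise and then acts on the body, while the strict handler stops at `POST / HTTP/1.1` and leaves the legitimate client unaffected.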
