LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

tor: arbitrary code execution

Package(s):tor CVE #(s):CVE-2011-2778
Created:December 16, 2011 Updated:January 11, 2012
Description: From the Debian advisory:

It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code.

In Tor's default configuration this issue can only be triggered by clients that can connect to Tor's socks port, which listens only on localhost by default.

In non-default configurations where Tor's SocksPort listens not only on localhost or where Tor was configured to use another socks server for all of its outgoing connections, Tor is vulnerable to a larger set of malicious parties.

Alerts:
Debian DSA-2363-1 2011-12-16
Fedora FEDORA-2011-17248 2012-01-10
Gentoo 201201-12 2012-01-23
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds