User: Password:
Subscribe / Log in / New account


Eavesdropping on Tor traffic

By Jake Edge
September 12, 2007

A Swedish security researcher, Dan Egerstad, recently highlighted a flaw in the way many folks are using Tor, a tool for internet anonymity. He said that he had captured user names and passwords for at least 1000 email accounts, posting the details for 100 of those. Ten days after the initial disclosure, he followed up with information on how he captured the data.

Tor (aka The Onion Router) is a system designed to hide the source and destination of internet traffic by routing it through a few intermediate nodes. Software is available for most operating systems and can run in either client or server mode. The Tor network consists of many server nodes that can route this traffic, but it also has special nodes, called "exit nodes" that are the endpoints for traffic within the Tor network. Exit nodes are the ones that actually talk to the server the client was trying to reach, thus they see any traffic exactly as it will be presented to the destination.

A Tor client picks a random path through the network, using a directory server to get a list of active nodes. For each hop along that path, it negotiates a separate session key. It encrypts the packet data, along with a destination address, once per node in the path, building up a packet with multiple layers of encrypted information. Each layer can only be decrypted by the proper intermediate node. Each intermediate node only knows about its predecessor, the destination, and the key, so with more than a few nodes, the source and ultimate destination are hidden. The exit node is the last layer of the onion, what it decrypts is the data bound for the destination.

Running an exit node for Tor has some risks associated with it, as all traffic that goes to a destination site appears to originate from the exit node host. If the destination gets attacked by a denial of service or other exploit, the exit node operator would seem to be the guilty party. For this reason, Tor servers can determine whether or not they are willing to be exit nodes. What Egerstad did was to volunteer five servers as exit nodes and monitor the traffic that went by.

What his exit nodes saw was the traffic bound for various servers, much of it in the clear. He collected authentication for email servers from many users, with the ones he released being embassy workers and members of human rights organizations. He monitored the POP3 and IMAP protocols, specifically looking for keywords associated with governments. By looking at those two protocols, he not only was able to capture passwords, his exit nodes also saw all of the email stream by as it was delivered to the users.

This should come as no real surprise, unencrypted email protocols are a security hazard; they should probably go the way of telnet, and be banished from internet usage. What is more surprising, but perhaps shouldn't be, is that people are using Tor to retrieve their email. Tor is not supposed to be a complete privacy solution, and it is not presented that way, but the difference between anonymity and privacy seem to have gotten lost.

It is a near certainty that others are doing just what Egerstad did. Governments and criminals – though it can be hard to distinguish between the two at times – both have an interest in monitoring this kind of traffic. Egerstad lists a number of suspicious exit nodes in the Tor network, any or all of which could be scanning the cleartext traffic that streams by.

In some ways, Tor is really no different than the myriad routers that internet traffic passes through; each of those presents a point where traffic could be intercepted. Tor is better in that regard, perhaps, because all but the last leg (which, of course, traverses any number of routers) are encrypted. If an encrypted protocol, SSL or an ssh tunnel for example, were used end-to-end, Egerstad's monitoring would not have worked. With proper certificate/key handling, no intermediate node, Tor or router, can decrypt the traffic.

It is a bit ironic that one would use a service meant to provide anonymity to log in to a system using credentials that are intended to restrict access to a particular user. It is a bit like renting a room at the No-Tell Motel using your credit card. Presumably, the users had Tor installed and running for other reasons and either didn't know or forgot to turn it off when retrieving their email. Perhaps their email client helpfully retrieves their email every few minutes without their intervention.

It should be noted that Tor does not do anything above the protocol level to anonymize traffic. Cookies, browser identification strings and other information can be used to identify who is using the connection to anyone with access to the traffic. Obviously, logging in makes that even easier. Another known threat to anonymity using Tor, even with end-to-end encryption, is timing analysis. If someone can monitor the timing of the packets at the client and those at the server, they can make a statistical correlation between the two.

Tor achieved another kind of notoriety, recently, as some of the storm worm spam started pushing it as a solution for internet anonymity. Unfortunately, users who followed the link landed on a fake Tor download page. Downloading the software did not result in any increase in their privacy, it simply installed one of the storm worm variants. It is certainly not the publicity that Tor wanted, but it could, perhaps, lead a few users to the real Tor. It is a dubious honor, but the storm worm herders must believe that the Tor name has some credibility in order to use it this way.

Tor is an excellent tool for what it does, but it certainly is not a solution to all internet communication privacy issues. As with most things, users need to understand what they are doing before they can gain the benefits of Tor. By managing the higher level identifying information correctly (perhaps by using something like Privoxy), one can use internet services anonymously with a reasonable level of comfort. Using end-to-end encryption makes it that much better.

Comments (5 posted)

New vulnerabilities

eggdrop: stack-based buffer overflow

Package(s):eggdrop CVE #(s):CVE-2007-2807
Created:September 7, 2007 Updated:December 8, 2009
Description: A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message.
Mandriva MDVSA-2009:126-1 eggdrop 2009-12-08
Debian DSA-1826-1 eggdrop 2009-07-04
Mandriva MDVSA-2009:126 eggdrop 2009-06-01
Fedora FEDORA-2009-5572 eggdrop 2009-05-28
Fedora FEDORA-2009-5568 eggdrop 2009-05-28
Debian DSA-1448-1 eggdrop 2008-01-05
Fedora FEDORA-2007-4325 eggdrop 2007-12-10
Fedora FEDORA-2007-4305 eggdrop 2007-12-10
Gentoo 200709-07 eggdrop 2007-09-15
Mandriva MDKSA-2007:175 eggdrop 2007-09-06

Comments (none posted)

gforge: missing input sanitizing

Package(s):gforge CVE #(s):CVE-2007-3913
Created:September 7, 2007 Updated:September 12, 2007
Description: Sumit I. Siddharth discovered that Gforge, a collaborative development tool, performs insufficient input sanitizing, which allows SQL injection.
Debian-Testing DTSA-57-1 gforge 2007-09-09
Debian DSA-1369-1 gforge 2007-09-06

Comments (none posted)

jffnms: multiple vulnerabilities

Package(s):jffnms CVE #(s):CVE-2007-3189 CVE-2007-3190 CVE-2007-3191 CVE-2007-3192
Created:September 12, 2007 Updated:September 12, 2007
Description: jffnms, a web-based network management system, suffers from a cross-site scripting vulnerability, multiple SQL injection vulnerabilities, and an authentication bypass problem.
Debian DSA-1374-1 jffnms 2007-09-11

Comments (none posted)

lighttpd: buffer overflow

Package(s):lighttpd CVE #(s):CVE-2007-4727
Created:September 12, 2007 Updated:October 8, 2007
Description: From the Fedora advisory: Lighttpd (1.4.17 and earlier) is prone to a header overflow when using the mod_fastcgi extension, this can lead to arbitrary code execution in the fastcgi application.
Debian DSA 1362-2 lighttpd 2007-10-07
Gentoo 200709-16 lighttpd 2007-09-27
Foresight FLEA-2007-0054-1 lighttpd 2007-09-17
rPath rPSA-2007-0183-1 lighttpd 2007-09-14
Fedora FEDORA-2007-2132 lighttpd 2007-09-12

Comments (none posted)

openssh: inappropriate use of trusted cookies

Package(s):gnome-ssh-askpass openssh CVE #(s):CVE-2007-4752
Created:September 11, 2007 Updated:August 25, 2008
Description: OpenSSH in versions prior 4.7 could use a trusted X11 cookie if the creation of an untrusted cookie failed.
CentOS CESA-2008:0855 openssh 2008-08-22
Red Hat RHSA-2008:0855-01 openssh 2008-08-22
Debian DSA-1576-1 openssh 2008-05-14
Ubuntu USN-566-1 openssh 2008-01-09
Mandriva MDKSA-2007:236 openssh 2007-12-04
Gentoo 200711-02 openssh 2007-11-01
Fedora FEDORA-2007-715 openssh 2007-10-15
Foresight FLEA-2007-0055-1 openssh 2007-09-17
Slackware SSA:2007-255-01 openssh 2007-09-13
rPath rPSA-2007-0181-1 gnome-ssh-askpass 2007-09-10

Comments (none posted)

phpmyadmin: multiple vulnerabilities

Package(s):phpmyadmin CVE #(s):CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245
Created:September 10, 2007 Updated:March 19, 2009
Description: Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1325: The PMA_ArrayWalkRecursive function in libraries/common.lib.php does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions.

CVE-2007-1395: Incomplete blacklist vulnerability in index.php allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

CVE-2007-2245: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

CVE-2006-6942: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

CVE-2006-6944: phpMyAdmin allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

Gentoo 200903-32 phpmyadmin 2009-03-18
Mandriva MDKSA-2007:199 phpMyAdmin 2007-10-17
Debian DSA-1370-2 phpmyadmin 2007-09-10
Debian DSA-1370-1 phpmyadmin 2007-09-09

Comments (none posted)

qgit: arbitrary code execution

Package(s):qgit CVE #(s):CVE-2007-4631
Created:September 10, 2007 Updated:October 8, 2007
Description: Not only does QGit construct a predictable file name here, and doesn't check if the files already exist, which can be leveraged into information leak or arbitrary file overwrite in case they're symlinks, but later on executes one of them. This is not just problem when /tmp is mounted with noexec option, but might be exploited into arbitrary code execution under time-dependent race condition.
Gentoo 200710-05 qgit 2007-10-07
Fedora FEDORA-2007-2108 qgit 2007-09-10

Comments (none posted)

samba: incorrect group assignment

Package(s):samba CVE #(s):CVE-2007-4138
Created:September 12, 2007 Updated:November 15, 2007
Description: From the Samba advisory: When the rfc2307 or sfu nss_info plugin has been enabled, in the absence of either the RFC2307 or SFU primary group attribute, Winbind will assign a primary group ID of 0 to the domain user queried using the getpwnam() C library call.
Red Hat RHSA-2007:1017-01 samba 2007-11-15
Red Hat RHSA-2007:1016-01 samba 2007-11-15
rPath rPSA-2007-0184-1 samba 2007-09-14
Slackware SSA:2007-255-02 samba 2007-09-13
Fedora FEDORA-2007-2145 samba 2007-09-12

Comments (1 posted)

wordpress: privilege bypass

Package(s):wordpress CVE #(s):
Created:September 12, 2007 Updated:September 12, 2007
Description: Wordpress 2.2.3 has been released to fix a security problem. The project has not gone out of its way to describe this problem, but, from the fixed bug list, one concludes that it is possible for users without the requisite privileges to post arbitrary HTML.
Fedora FEDORA-2007-2143 wordpress 2007-09-12

Comments (none posted)

xorg-server: local privilege escalation

Package(s):xorg-server CVE #(s):CVE-2007-4730
Created:September 10, 2007 Updated:January 24, 2008
Description: Aaron Plattner discovered a buffer overflow in the Composite extension of the X server, which can lead to local privilege escalation.
Mandriva MDVSA-2008:022 xorg-x11 2008-01-23
Gentoo 200710-16 xorg-server 2007-10-14
Ubuntu USN-514-1 xorg-server 2007-09-18
Red Hat RHSA-2007:0898-01 2007-09-19
rPath rPSA-2007-0187-1 x11 2007-09-14
Mandriva MDKSA-2007:178 x11-server 2007-09-11
Debian DSA-1372-1 xorg-server 2007-09-09

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds