[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: tor
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2011-01-19 3:09:45
Message-ID: Pine.GSO.4.64.1101182205280.9694 () faron ! mitre ! org
[Download RAW message or body]
On Tue, 18 Jan 2011, Josh Bressers wrote:
> ----- Original Message -----
>> Hi,
>>
>> Tor 0.2.1.29 fixes three security issues:
>> http://archives.seul.org/or/announce/Jan-2011/msg00000.html
>>
>> While the first already has a CVE ID listed, two more are
>> still needed.
>>
>
> Here you go:
> CVE-2011-0015 Tor zlib DoS
> CVE-2011-0016 Tor keys not zeroed in memory
The advisory above also has a section on crashes which the Tor developers
"think are hard to exploit remotely," but still (most likely) qualify for
CVE inclusion.
CVE-2011-0490 - libevent
CVE-2011-0491 - tor_realloc crash / "underflow errors"
CVE-2011-0492 - assertion failure on specific file sizes
CVE-2011-0493 - assertion failure / malformed router caches
- Steve
======================================================
Name: CVE-2011-0490
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0490
Reference: MLIST:[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)
Reference: URL:http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Reference: CONFIRM:http://blog.torproject.org/blog/tor-02129-released-security-patches
Reference: CONFIRM:https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Reference: CONFIRM:https://trac.torproject.org/projects/tor/ticket/2190
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to
Libevent within Libevent log handlers, which might allow remote
attackers to cause a denial of service (daemon crash) via vectors that
trigger certain log messages.
======================================================
Name: CVE-2011-0491
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0491
Reference: MLIST:[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)
Reference: URL:http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Reference: CONFIRM:http://blog.torproject.org/blog/tor-02129-released-security-patches
Reference: CONFIRM:https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Reference: CONFIRM:https://trac.torproject.org/projects/tor/ticket/2324
The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before
0.2.2.21-alpha does not validate a certain size value during memory
allocation, which might allow remote attackers to cause a denial of
service (daemon crash) via unspecified vectors, related to "underflow
errors."
======================================================
Name: CVE-2011-0492
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0492
Reference: MLIST:[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)
Reference: URL:http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Reference: CONFIRM:http://blog.torproject.org/blog/tor-02129-released-security-patches
Reference: CONFIRM:https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Reference: CONFIRM:https://trac.torproject.org/projects/tor/ticket/2326
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote
attackers to cause a denial of service (assertion failure and daemon
exit) via blobs that trigger a certain file size, as demonstrated by
the cached-descriptors.new file.
======================================================
Name: CVE-2011-0493
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0493
Reference: MLIST:[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)
Reference: URL:http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Reference: CONFIRM:http://blog.torproject.org/blog/tor-02129-released-security-patches
Reference: CONFIRM:https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Reference: CONFIRM:https://trac.torproject.org/projects/tor/ticket/2352
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow
remote attackers to cause a denial of service (assertion failure and
daemon exit) via vectors related to malformed router caches and
improper handling of integer values.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic