Wilders Security Forums  

#1
December 20th, 2011, 07:55 PM
MrBrian
Tor buffer overflow vulnerability

http://secunia.com/advisories/47276/
#2
December 20th, 2011, 10:24 PM
funkydude
Re: Tor buffer overflow vulnerability

Tor 0.2.2.35 is released

Quote:
Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's buffers code. Absolutely everybody should upgrade.

The bug relied on an incorrect calculation when making data continuous in one of our IO buffers, if the first chunk of the buffer was misaligned by just the wrong amount. The miscalculation would allow an attacker to overflow a piece of heap-allocated memory. To mount this attack, the attacker would need to either open a SOCKS connection to Tor's SocksPort (usually restricted to localhost), or target a Tor instance configured to make its connections through a SOCKS proxy (which Tor does not do by default).

Good security practice requires that all heap-overflow bugs should be presumed to be exploitable until proven otherwise, so we are treating this as a potential code execution attack. Please upgrade immediately!

https://blog.torproject.org/blog/tor...curity-patches
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
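
A simplified model of the bug class the quoted release note describes, added here as an illustration and not taken from Tor's source or from any poster in this thread: a "make data contiguous" routine that measures free space after the data offset and repacks a misaligned first chunk before appending. The struct, field and function names are hypothetical, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical chunk (not Tor's struct): valid bytes are mem[off .. off+datalen). */
struct chunk {
    size_t memlen;          /* allocated size of mem[] */
    size_t off;             /* gap in front of the data (the "misalignment") */
    size_t datalen;         /* number of valid bytes */
    unsigned char mem[16];
    struct chunk *next;
};

/* Room after the data. Using memlen - datalen here would also count the
 * gap in front of the data and overstate what can be appended. */
static size_t tail_room(const struct chunk *c) {
    return c->memlen - (c->off + c->datalen);
}

/* Make the first `want` bytes contiguous in head; 0 on success, -1 otherwise. */
int pullup(struct chunk *head, size_t want) {
    if (head->datalen >= want) return 0;
    if (want > head->memlen) return -1;       /* would need a bigger chunk */
    size_t need = want - head->datalen;
    if (tail_room(head) < need) {             /* repack: slide data to the front */
        memmove(head->mem, head->mem + head->off, head->datalen);
        head->off = 0;
    }
    while (need > 0) {
        struct chunk *src = head->next;
        if (src == NULL) return -1;           /* not enough buffered data */
        size_t n = src->datalen < need ? src->datalen : need;
        memcpy(head->mem + head->off + head->datalen, src->mem + src->off, n);
        head->datalen += n;
        src->off += n; src->datalen -= n;
        need -= n;
        if (src->datalen == 0) head->next = src->next;  /* unlink drained chunk */
    }
    return 0;
}

int main(void) {
    struct chunk b = { 16, 0, 4, "WXYZ", NULL };   /* constructed sample data */
    struct chunk a = { 16, 10, 4, {0}, &b };
    memcpy(a.mem + a.off, "abcd", 4);
    printf("naive room=%zu real room=%zu\n", a.memlen - a.datalen, tail_room(&a));
    printf("pullup=%d data=%.8s\n", pullup(&a, 8), (const char *)a.mem);
    return 0;
}
```

In the sample, the first chunk holds 4 bytes at offset 10 of 16, so a check based on `memlen - datalen` reports 12 free bytes while only 2 remain after the data; appending 4 bytes without the repack would write past the end of `mem`.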
#3
December 20th, 2011, 11:18 PM
J_L
Re: Tor buffer overflow vulnerability

Thanks, updating ASAP.
#4
December 22nd, 2011, 07:17 PM
Carver
Re: Tor buffer overflow vulnerability

I got an update popup to update to the latest version of Vidalia bundle 0.2.15; it has Tor 0.2.2.35 in it.
#5
December 25th, 2011, 10:27 AM
SafetyFirst
Re: Tor buffer overflow vulnerability

Thanks. Updated.
 

All times are GMT -4.
