Debian DSA-2993-1 : tor - security update

medium Nessus Plugin ID 76949

Synopsis

The remote Debian host is missing a security-related update.

Description

Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks.

- Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks [ CVE-2014-5117]. The updated version emits a warning and drops the circuit upon receiving inbound relay-early cells, preventing this specific kind of attack. Please consult the following advisory for more details about this issue :
https://blog.torproject.org/blog/tor-security-advisory-r elay-early-traffic-confirmation-attack

- A bug in the bounds-checking in the 32-bit curve25519-donna implementation could cause incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys. This flaw does not currently appear to allow an attacker to learn private keys or impersonate a Tor server, but it could provide a means to distinguish 32-bit Tor implementations from 64-bit Tor implementations.
The following additional security-related improvements have been implemented :

- As a client, the new version will effectively stop using CREATE_FAST cells. While this adds computational load on the network, this approach can improve security on connections where Tor's circuit handshake is stronger than the available TLS connection security levels.
- Prepare clients to use fewer entry guards by honoring the consensus parameters. The following article provides some background :

https://blog.torproject.org/blog/improving-tors-anonymit y-changing-guard-parameters

Solution

Upgrade the tor packages.

For the stable distribution (wheezy), these problems have been fixed in version 0.2.4.23-1~deb7u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2014-5117

http://www.nessus.org/u?df709f16

http://www.nessus.org/u?e5cae368

https://packages.debian.org/source/wheezy/tor

https://www.debian.org/security/2014/dsa-2993

Plugin Details

Severity: Medium

ID: 76949

File Name: debian_DSA-2993.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/1/2014

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:tor, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/31/2014

Reference Information

CVE: CVE-2014-5117

BID: 68968

DSA: 2993