Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5036-1 advisory.

    It was discovered that Tor incorrectly handled certain memory operations. A remote attacker could use this     issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2019-8955)

    It was discovered that Tor did not properly handle the input length to dump_desc() function. A remote     attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM,     Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-28089)

    It was discovered that Tor did not properly sanitize the relay nickname in     dirvote_add_signatures_to_pending_consensus() function. An attacker could possibly use this issue to cause     an assertion failure and then cause a denial of service. (CVE-2021-28090)

    It was discovered that Tor did not properly validate the layer hint on half-open streams. A remote     attacker could possibly use this issue to bypass the access control, leading to remote code execution.
    This issue only affected Ubuntu 20.04 ESM. (CVE-2021-34548)

    It was discovered that Tor was using an insecure hash function. A remote attacker could use this issue to     cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04     ESM. (CVE-2021-34549)

    It was discovered that Tor did not properly manage memory under certain circumstances. If a user were     tricked into opening a specially crafted request, a remote attacker could possibly use this issue to cause     a crash, resulting in a denial of service, or possibly reading sensitive data. This issue only affected     Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-34550)

    It was discovered that Tor mishandles the relationship between batch-signature verification and single-     signature verification. An attacker could possibly use this issue to cause an assertion failure and then     cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04     ESM. (CVE-2021-38385)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202107-25 (Tor: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Tor. Please review the       CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-e68317166d advisory.

  - Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a     target, aka TROVE-2021-001. (CVE-2021-28089)

  - Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion     failure, aka TROVE-2021-002. (CVE-2021-28090)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for tor fixes the following issues :

tor was updated to 0.4.5.7

- https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html

  - Fix 2 denial of service security issues (boo#1183726)

  + Disable the dump_desc() function that we used to dump     unparseable information to disk (CVE-2021-28089)

  + Fix a bug in appending detached signatures to a pending     consensus document that could be used to crash a     directory authority (CVE-2021-28090)

  - Ship geoip files based on the IPFire Location Database

Two vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could lead to excessive CPU usage or cause a directory authority to crash.

ID	Name	Product	Family	Severity
183153	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Tor vulnerabilities (USN-5036-1)	Nessus	Ubuntu Local Security Checks	high
157031	GLSA-202107-25 : Tor: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
148087	Fedora 33 : tor (2021-e68317166d)	Nessus	Fedora Local Security Checks	high
148066	openSUSE Security Update : tor (openSUSE-2021-461)	Nessus	SuSE Local Security Checks	high
147855	Debian DSA-4871-1 : tor - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2021-28089

high

Tenable Plugins

high

high

high

high

high