Mandriva Linux Security Advisory : tor (MDVSA-2013:132)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated tor package fixes security vulnerabilities :

Tor before 0.2.2.34, when configured as a client or bridge, sends a
TLS certificate chain as part of an outgoing OR connection, which
allows remote relays to bypass intended anonymity properties by
reading this chain and then determining the set of entry guards that
the client or bridge had selected (CVE-2011-2768).

Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE
and CREATE_FAST values in the Command field of a cell within an OR
connection that it initiated, which allows remote relays to enumerate
bridges by using these values (CVE-2011-2769).

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might
allow remote attackers to cause a denial of service (daemon crash) via
vectors related to failed DNS requests (CVE-2012-3517).

The networkstatus_parse_vote_from_string function in routerparse.c in
Tor before 0.2.2.38 does not properly handle an invalid flavor name,
which allows remote attackers to cause a denial of service
(out-of-bounds read and daemon crash) via a crafted (1) vote document
or (2) consensus document (CVE-2012-3518).

routerlist.c in Tor before 0.2.2.38 uses a different amount of time
for relay-list iteration depending on which relay is chosen, which
might allow remote attackers to obtain sensitive information about
relay selection via a timing side-channel attack (CVE-2012-3519).

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor
before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote
attackers to cause a denial of service (assertion failure and daemon
exit) via a zero-valued port field that is not properly handled during
policy comparison (CVE-2012-4419).

Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed
it to add bytes to the input buffer, allowing a crash to be caused
remotely (tor-5934, tor-6007).

Denial of service vulnerability in Tor before 0.2.3.25 due to an
error when handling SENDME cells, which can be exploited to cause
excessive consumption of memory resources within an entry node
(SA51329, CVE-2012-5573).

The version of Tor shipped in MBS1 did not have a correctly formed
systemd unit and thus failed to start.

This updated version corrects this problem and restores working
behaviour.

See also :

https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184

Solution :

Update the affected tor package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66144

Bugtraq ID: 50414
55128
55519
56675

CVE ID: CVE-2011-2768
CVE-2011-2769
CVE-2012-3517
CVE-2012-3518
CVE-2012-3519
CVE-2012-4419
CVE-2012-5573
