Mandriva Linux Security Advisory : tor (MDVSA-2013:132)

medium Nessus Plugin ID 66144

Synopsis

The remote Mandriva Linux host is missing a security update.

Description

Updated tor package fixes security vulnerabilities :

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected (CVE-2011-2768).

Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values (CVE-2011-2769).

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests (CVE-2012-3517).

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document (CVE-2012-3518).

routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack (CVE-2012-3519).

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison (CVE-2012-4419).

Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed it to add bytes to the input buffer, allowing a crash to be caused remotely (tor-5934, tor-6007).

Denial of Service vulnerability in Tor before 0.2.3.25, due to an error when handling SENDME cells and can be exploited to cause excessive consumption of memory resources within an entry node (SA51329, CVE-2012-5573).

The version of Tor shipped in MBS1 did not have correctly formed systemd unit and thus failed to start.

This updated version corrects this problem and restores working behaviour.

Solution

Update the affected tor package.

See Also

https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184

Plugin Details

Severity: Medium

ID: 66144

File Name: mandriva_MDVSA-2013-132.nasl

Version: 1.8

Type: local

Published: 4/20/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:tor, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/10/2013

Reference Information

CVE: CVE-2011-2768, CVE-2011-2769, CVE-2012-3517, CVE-2012-3518, CVE-2012-3519, CVE-2012-4419, CVE-2012-5573

BID: 50414, 55128, 55519, 56675

MDVSA: 2013:132

MGASA: 2012-0276, 2012-0356