[Bug 152232] Tor is vulnerable to a rewrite vuln on the controlport
Adna rim
adnarim at mail.ru
Sat Oct 13 08:13:39 BST 2007
Public bug reported:
Well I already filled out a bugreport about that tor is way to outdated
more than 2 months ago and you didn't care. Maybe a security-vuln will
change this. Source: http://secunia.com/advisories/26301
Description:
A vulnerability has been reported in Tor, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to the ControlPort (localhost:9051)
handling commands without authentication when the first command was not
a successful "authenticate" command. This can be exploited to e.g.
modify the "torrc" file, when a user views a malicious web page
containing a specially crafted POST request or via a malicious tor exit
node.
Successful exploitation may compromise a user's anonymity, but requires
that the ControlPort is enabled.
The vulnerability is reported in versions prior to 0.1.2.16.
Addition: The control port is activated by default. An exploit also if its just for the windows version has already been released: http://milw0rm.com/exploits/4468 , so its likly also linux-exploits are out in the wild.
** Affects: feisty-backports
Importance: Undecided
Status: New
** Affects: tor (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** Also affects: tor (Ubuntu)
Importance: Undecided
Status: New
--
Tor is vulnerable to a rewrite vuln on the controlport
https://bugs.launchpad.net/bugs/152232
You received this bug notification because you are a member of Ubuntu
Backporters, which is a direct subscriber.
More information about the ubuntu-backports
mailing list