Debian DSA-2136-1: Tor Buffer Overflow Risk with Code Execution

December 22, 2010
Debian security advisory DSA-2178-2 pertains to a potential risk of code execution in the GNU Bash shell, resulting from a critical buffer overflow vulnerability that was recently identified.

Summary


Willem Pinckaers discovered that Tor, a tool to enable online anonymity,
does not correctly handle all data read from the network. By supplying
specially crafted packets a remote attacker can cause Tor to overflow its
heap, crashing the process. Arbitrary code execution has not been
confirmed but there is a potential risk.

In the stable distribution (lenny), this update also includes an update of
the IP address for the Tor directory authority gabelmoo and addresses
a weakness in the package's postinst maintainer script.


For the stable distribution (lenny) this problem has been fixed in
version 0.2.1.26-1~lenny+4.

For the testing distribution (squeeze) and the unstable distribution (sid),
this problem has been fixed in version 0.2.1.26-6.


We recommend that you upgrade your tor packages.

Upgrade instructions
--------------------

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
wi...


Severity: important

Package: tor
