
Gentoo: GLSA-201101-02 High: Tor Remote Code Execution Threat

January 15, 2011
Gentoo GLSA 201101-02 covers a critical heap buffer overflow found in Tor that could lead to unauthorized code execution.
Tor is vulnerable to a heap-based buffer overflow that may allow arbitrary code execution.

Summary

Tor contains a heap-based buffer overflow in the processing of user or attacker supplied data. No additional information is available.

Resolution

All Tor users should upgrade to the latest stable version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.28"

References

[ 1 ] CVE-2010-1676 https://www.cve.org/CVERecord?id=CVE-2010-1676

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201101-02

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: Tor: Remote heap-based buffer overflow
Date: January 15, 2011
Bugs: #349312
ID: 201101-02

Synopsis

Tor is vulnerable to a heap-based buffer overflow that may allow arbitrary code execution.

Background

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Affected Packages

    -------------------------------------------------------------------
     Package         /   Vulnerable   /                    Unaffected
    -------------------------------------------------------------------
      1  net-misc/tor      < 0.2.1.28                      >= 0.2.1.28

Impact

Successful exploitation of this vulnerability may allow an unauthenticated remote attacker to execute arbitrary code with the permissions of the Tor user, or to cause a Denial of Service.

Workaround

There is no known workaround at this time.
