First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 250018
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Matti Bickel <mabi@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 250018 depends on: Show dependency tree
Bug 250018 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-12-06 11:12 0000 
From secunia:
1) The application does not properly drop privileges to the primary
groups of the user specified via the "User" parameter. This may
result in the tor process running with higher privileges than
intended.

Note: This may affect UNIX like operating systems only.

2) The "ClientDNSRejectInternalAddresses" configuration option is not
always enforced, which weakens the security and could open a vector
for further attacks.

SOLUTION:
Update to version 0.2.0.32.
https://www.torproject.org/download.html

PROVIDED AND/OR DISCOVERED BY:
1) Theo de Raadt
2) rovv

ORIGINAL ADVISORY:
http://blog.torproject.org/blog/tor-0.2.0.32-released

------- Comment #1 From Matti Bickel 2008-12-06 11:13:38 0000 ------- 
Please provide the newest ebuild..

------- Comment #2 From Christian Faulhammer 2008-12-06 12:31:05 0000 ------- 
New version is in the tree, thanks mabi.  Arches please stabilise

net-misc/tor-0.2.0.32
target KEYWORDS are: amd64 ppc ppc64 sparc x86 ~x86-fbsd

Sparc, please check if bug 246483 is still relevant.  I removed the patch from
0.2.0.31 as upstream mentions the bug in its ChangeLog.

security team, I could not find a CVE assigned.

------- Comment #3 From Richard Freeman 2008-12-07 15:08:20 0000 ------- 
amd64 stable

------- Comment #4 From Tobias Scherbaum 2008-12-07 15:32:06 0000 ------- 
ppc stable

------- Comment #5 From Markus Meier 2008-12-08 18:47:38 0000 ------- 
x86 stable

------- Comment #6 From Brent Baude 2008-12-08 19:40:12 0000 ------- 
ppc64 stable

------- Comment #7 From Friedrich Oslage 2008-12-09 19:56:34 0000 ------- 
sparc stable

(In reply to comment #2)
> Sparc, please check if bug 246483 is still relevant.  I removed the patch from
> 0.2.0.31 as upstream mentions the bug in its ChangeLog.

All good

------- Comment #8 From Tobias Heinlein 2008-12-09 22:38:23 0000 ------- 
Ready for vote, I vote YES.

------- Comment #9 From Stefan Behte 2008-12-10 10:23:47 0000 ------- 
Handling CVE-2008-5398 also here, because the same versions are affected and
this bug fixes CVE-2008-5398, too.

------- Comment #10 From Stefan Behte 2008-12-10 10:25:11 0000 ------- 
CVE-2008-5397:
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group
configuration options, which might allow local users to gain privileges by
leveraging unintended supplementary group memberships of the Tor process. 

CVE-2008-5398:
Tor before 0.2.0.32 does not properly process the
ClientDNSRejectInternalAddresses configuration option in situations where an
exit relay issues a policy-based refusal of a stream, which allows remote exit
relays to have an unknown impact by mapping an internal IP address to the
destination hostname of a refused stream.

------- Comment #11 From Stefan Behte 2009-01-11 18:54:21 0000 ------- 
Yes, too. Request filed.

------- Comment #12 From Christian Faulhammer 2009-02-08 22:29:41 0000 ------- 
(In reply to comment #11)
> Yes, too. Request filed.

 Can I help to prepare the GLSA?  Or what is the status?

------- Comment #13 From Alex Legler 2009-02-08 22:34:27 0000 ------- 
(In reply to comment #12)
> (In reply to comment #11)
> > Yes, too. Request filed.
> 
>  Can I help to prepare the GLSA?  Or what is the status?
> 

Just the request currently, a draft would be highly appreciated. :/

------- Comment #14 From svrmarty 2009-02-15 13:21:07 0000 ------- 
higher version needed,

see bug #258833

------- Comment #15 From Robert Buchholz 2009-04-08 22:49:23 0000 ------- 
GLSA 200904-11
First Last Prev Next    No search results available      Search page      Enter new bug