Bug 395985 - <net-misc/tor-0.2.2.34 Multiple vulnerabilities (CVE-2011-{4894,4895,4896,4897})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Reported: 2011-12-25 12:27 UTC by Agostino Sarubbo
Modified: 2013-08-30 11:08 UTC
Description Agostino Sarubbo gentoo-dev 2011-12-25 12:27:16 UTC
From RedHat bugzilla:


Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort
access instead of a Tor TLS connection for a directory fetch, which
makes it easier for remote attackers to enumerate bridges by observing
DirPort connections.

Tor before 0.2.2.34, when configured as a bridge, sets up circuits
through a process different from the process used by a client, which
makes it easier for remote attackers to enumerate bridges by observing
circuit building.

Tor before 0.2.2.24-alpha continues to use a reachable bridge that was
previously configured but is not currently configured, which might
allow remote attackers to obtain sensitive information about clients
in opportunistic circumstances by monitoring network traffic to the
bridge port.

Tor before 0.2.2.25-alpha, when configured as a relay without the
Nickname configuration option, uses the local hostname as the Nickname
value, which allows remote attackers to obtain potentially sensitive
information by reading this value.
Comment 1 Agostino Sarubbo gentoo-dev 2011-12-25 12:29:47 UTC
The stable version in tree is not affected; this bug is only to clean up and track the CVE numbers.

@Blueness, please remove from the tree =net-misc/tor-0.2.1.32
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2011-12-29 13:09:20 UTC
CVE-2011-4897 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4897):
  Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname
  configuration option, uses the local hostname as the Nickname value, which
  allows remote attackers to obtain potentially sensitive information by
  reading this value.

CVE-2011-4896 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4896):
  Tor before 0.2.2.24-alpha continues to use a reachable bridge that was
  previously configured but is not currently configured, which might allow
  remote attackers to obtain sensitive information about clients in
  opportunistic circumstances by monitoring network traffic to the bridge
  port.

CVE-2011-4895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4895):
  Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a
  process different from the process used by a client, which makes it easier
  for remote attackers to enumerate bridges by observing circuit building.

CVE-2011-4894 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4894):
  Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access
  instead of a Tor TLS connection for a directory fetch, which makes it easier
  for remote attackers to enumerate bridges by observing DirPort connections.
Comment 3 Tom 2013-08-12 11:31:32 UTC
Requesting closure, as the current version of Tor is much newer than these CVEs. http://packages.gentoo.org/package/net-misc/tor
Comment 4 Agostino Sarubbo gentoo-dev 2013-08-29 16:05:23 UTC
Cleanup done, @security, please vote.
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-29 16:39:25 UTC
GLSA vote: no.
Comment 6 Sergey Popov gentoo-dev 2013-08-30 11:08:50 UTC
GLSA vote: no

Closing as noglsa