Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 359789 (CVE-2011-1924)

Summary: <net-misc/tor-0.2.1.30: "policy_summarize()" Directory Authority Denial of Service Vulnerability (CVE-2011-1924)
Product: Gentoo Security Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: blueness, chiiph
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-21 14:27:21 UTC
Description
A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error within the "policy_summarize()" function in src/or/policies.c, which can be exploited to crash a Tor directory authority.

The vulnerability is reported in versions prior to 0.2.1.30.


Solution
Update to version 0.2.1.30.

Provided and/or discovered by
The vendor credits piebeer.

Original Advisory
https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html

http://secunia.com/advisories/43548/
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-21 14:29:21 UTC
Maintainers, is it OK to stabilize net-misc/tor-0.2.1.30?

To speed up the process, feel free to CC arches and add the STABLEREQ keyword yourself (and change the status whiteboard from "stable?" to "stable").
Comment 2 Anthony Basile gentoo-dev 2011-03-21 15:38:29 UTC
Yes, it is ready for stabilization.
Comment 3 Anthony Basile gentoo-dev 2011-03-21 15:39:25 UTC
Sorry, still getting used to new bugzilla ... added arches.
Comment 4 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-03-21 16:48:23 UTC
ppc/ppc64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2011-03-21 17:05:51 UTC
amd64 ok
Comment 6 Andreas Schürch gentoo-dev 2011-03-21 18:18:19 UTC
Looks also good here on x86.
Comment 7 Christoph Mende (RETIRED) gentoo-dev 2011-03-21 20:06:09 UTC
amd64 done, thanks Agostino
Comment 8 Thomas Kahle (RETIRED) gentoo-dev 2011-03-22 12:22:47 UTC
x86 stable. Thanks Andreas.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-04-02 15:42:01 UTC
arm/sparc stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-04-02 15:49:52 UTC
Thanks, everyone. GLSA Vote: Yes.
Comment 11 Anthony Basile gentoo-dev 2011-04-02 22:18:30 UTC
Vulnerable versions (tor-0.2.1.29 and tor-0.2.1.29-r1) removed from tree.
Comment 12 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-05-17 20:58:51 UTC
GLSA vote: NO
Comment 13 Stefan Behte (RETIRED) gentoo-dev Security 2011-05-21 11:23:58 UTC
Vote: yes, added to existing GLSA.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:08:20 UTC
CVE-2011-1924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924):
  Buffer overflow in the policy_summarize function in or/policies.c in Tor
  before 0.2.1.30 allows remote attackers to cause a denial of service
  (directory authority crash) via a crafted policy that triggers creation of a
  long port list.
Comment 15 Alexis Ballier gentoo-dev 2011-07-08 00:05:57 UTC
no clue why bsd is in cc
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2011-10-18 18:29:14 UTC
This issue was resolved and addressed in
 GLSA 201110-13 at http://security.gentoo.org/glsa/glsa-201110-13.xml
by GLSA coordinator Tim Sammut (underling).