|Summary:||<net-misc/tor-0.2.1.30: "policy_summarize()" Directory Authority Denial of Service Vulnerability (CVE-2011-1924)|
|Product:||Gentoo Security||Reporter:||Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Package list:||Runtime testing required:||---|
Description Paweł Hajdan, Jr. (RETIRED) 2011-03-21 14:27:21 UTC
Description A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error within the "policy_summarize()" function in src/or/policies.c, which can be exploited to crash a Tor directory authority. The vulnerability is reported in versions prior to 0.2.1.30. Solution Update to version 0.2.1.30. Provided and/or discovered by The vendor credits piebeer. Original Advisory https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html http://secunia.com/advisories/43548/
Comment 1 Paweł Hajdan, Jr. (RETIRED) 2011-03-21 14:29:21 UTC
Maintainers, is it OK to stabilize net-misc/tor-0.2.1.30? To speed up the process, feel free to CC arches and add the STABLEREQ keyword yourself (and change the status whiteboard from "stable?" to "stable").
Comment 2 Anthony Basile 2011-03-21 15:38:29 UTC
Yes, it is ready for stabilization.
Comment 3 Anthony Basile 2011-03-21 15:39:25 UTC
Sorry, still getting used to new bugzilla ... added arches.
Comment 4 Kacper Kowalik (Xarthisius) (RETIRED) 2011-03-21 16:48:23 UTC
Comment 5 Agostino Sarubbo 2011-03-21 17:05:51 UTC
Comment 6 Andreas Schürch 2011-03-21 18:18:19 UTC
Looks also good here on x86.
Comment 7 Christoph Mende (RETIRED) 2011-03-21 20:06:09 UTC
amd64 done, thanks Agostino
Comment 8 Thomas Kahle (RETIRED) 2011-03-22 12:22:47 UTC
x86 stable. Thanks Andreas.
Comment 9 Raúl Porcel (RETIRED) 2011-04-02 15:42:01 UTC
Comment 10 Tim Sammut (RETIRED) 2011-04-02 15:49:52 UTC
Thanks, everyone. GLSA Vote: Yes.
Comment 11 Anthony Basile 2011-04-02 22:18:30 UTC
Vulnerable versions (tor-0.2.1.29 and tor-0.2.1.29-r1) removed from tree.
Comment 12 Alex Legler (RETIRED) 2011-05-17 20:58:51 UTC
GLSA vote: NO
Comment 13 Stefan Behte (RETIRED) 2011-05-21 11:23:58 UTC
Vote: yes, added to existing GLSA.
Comment 14 GLSAMaker/CVETool Bot 2011-06-24 00:08:20 UTC
CVE-2011-1924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924): Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.
Comment 15 Alexis Ballier 2011-07-08 00:05:57 UTC
no clue why bsd is in cc
Comment 16 GLSAMaker/CVETool Bot 2011-10-18 18:29:14 UTC
This issue was resolved and addressed in GLSA 201110-13 at http://security.gentoo.org/glsa/glsa-201110-13.xml by GLSA coordinator Tim Sammut (underling).