Summary: | <net-misc/tor-0.2.7.6: Logging malformed hostnames in socks5 requests leaks sensitive information | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | blueness |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1257875 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-08-28 12:08:56 UTC
this is an old but which has long been fixed. (In reply to Anthony Basile from comment #1) > this is an old but which has long been fixed. since security is running around p.masking stuff, let me put it very cleary that THIS IS LONG FIXED. Don't p.mask. Fix has been confirmed to be in the =net-misc/tor-0.2.7.6 source. 1826 log_warn(LD_PROTOCOL, 1827 "Your application (using socks5 to port %d) gave Tor " 1828 "a malformed hostname: %s. Rejecting the connection.", 1829 req->port, escaped_safe_str_client(req->address)); 1830 return -1; 1831 } GLSA Vote: No |