Bug 351920 (CVE-2011-0427) - <net-misc/tor-0.2.1.29: Multiple vulnerabilities (CVE-2011-{0015,0016,0427,0490,0491,0492,0493})
Summary: <net-misc/tor-0.2.1.29: Multiple vulnerabilities (CVE-2011-{0015,0016,0427,04...
Status: RESOLVED FIXED
Alias: CVE-2011-0427
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: https://gitweb.torproject.org/tor.git...
Whiteboard: B1 [glsa]
Keywords:
Duplicates: 351922
Depends on:
Blocks:
 
Reported: 2011-01-17 15:51 UTC by Anthony Basile
Modified: 2011-10-18 18:29 UTC
Description Anthony Basile gentoo-dev 2011-01-17 15:51:12 UTC
This release actually addresses 3 security issues.  See the release notes.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-01-17 16:12:59 UTC
Arches, please test and mark stable:
=net-misc/tor-0.2.2.21_alpha
Target keywords : "amd64 arm ppc ppc64 sparc x86"
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-01-17 16:13:30 UTC
*** Bug 351922 has been marked as a duplicate of this bug. ***
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-01-17 16:14:49 UTC
Sorry, that of course is:

Arches, please test and mark stable:
=net-misc/tor-0.2.1.29
Target keywords : "amd64 arm ppc ppc64 sparc x86"

tor maintainers: shouldn't an alpha version be masked?
Comment 4 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-17 17:17:17 UTC
ppc/ppc64 stable
Comment 5 Anthony Basile gentoo-dev 2011-01-17 18:04:10 UTC
(In reply to comment #3)
> Sorry, that of course is:
> 
> Arches, please test and mark stable:
> =net-misc/tor-0.2.1.29
> Target keywords : "amd64 arm ppc ppc64 sparc x86"
> 
> tor maintainers: shouldn't an alpha version be masked?
> 

We have the following in profiles/package.mask

    # Anthony G. Basile <blueness@gentoo.org> (10 Jan 2011)
    # Masked until libevent-2* is unmasked (bug #333077) 
    =net-misc/tor-0.2.2*

I tested and it works.

Comment 6 Agostino Sarubbo gentoo-dev 2011-01-17 20:23:33 UTC
amd64 ok
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-01-17 22:34:36 UTC
amd64 done. Thanks Agostino
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2011-01-18 10:01:31 UTC
x86 stable
Comment 9 Toralf Förster gentoo-dev 2011-01-18 11:10:19 UTC
May I point you to https://bugs.gentoo.org/show_bug.cgi?id=351920 btw ?
Comment 10 Toralf Förster gentoo-dev 2011-01-18 14:50:16 UTC
(In reply to comment #9)
> May I point you to https://bugs.gentoo.org/show_bug.cgi?id=351920 btw ?
> 
Sry, I meant https://bugs.gentoo.org/show_bug.cgi?id=347656 and especially the link to the TOR trac page.

Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-01-19 04:09:33 UTC
According to http://www.openwall.com/lists/oss-security/2011/01/18/7, the additional CVEs are:

CVE-2011-0015 Tor zlib DoS
CVE-2011-0016 Tor keys not zeroed in memory
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-01-20 07:58:57 UTC
More CVE assignments for this release per http://www.openwall.com/lists/oss-security/2011/01/19/1.

<--

The advisory above also has a section on crashes which the Tor developers 
"think are hard to exploit remotely," but still (most likely) qualify for 
CVE inclusion.

CVE-2011-0490 - libevent
CVE-2011-0491 - tor_realloc crash / "underflow errors"
CVE-2011-0492 - assertion failure on specific file sizes
CVE-2011-0493 - assertion failure / malformed router caches
Comment 13 Markus Meier gentoo-dev 2011-01-23 13:53:11 UTC
arm stable
Comment 14 Raúl Porcel (RETIRED) gentoo-dev 2011-02-12 17:50:04 UTC
sparc stable
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2011-02-12 18:22:32 UTC
GLSA request filed.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2011-06-14 09:22:24 UTC
CVE-2011-0493 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493):
  Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote
  attackers to cause a denial of service (assertion failure and daemon exit)
  via vectors related to malformed router caches and improper handling of
  integer values.

CVE-2011-0492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492):
  Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote
  attackers to cause a denial of service (assertion failure and daemon exit)
  via blobs that trigger a certain file size, as demonstrated by the
  cached-descriptors.new file.

CVE-2011-0491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491):
  The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before
  0.2.2.21-alpha does not validate a certain size value during memory
  allocation, which might allow remote attackers to cause a denial of service
  (daemon crash) via unspecified vectors, related to "underflow errors."

CVE-2011-0490 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490):
  Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to
  Libevent within Libevent log handlers, which might allow remote attackers to
  cause a denial of service (daemon crash) via vectors that trigger certain
  log messages.

CVE-2011-0427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427):
  Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before
  0.2.2.21-alpha allows remote attackers to cause a denial of service (memory
  corruption and application crash) or possibly execute arbitrary code via
  unspecified vectors.

CVE-2011-0016 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016):
  Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly
  manage key data in memory, which might allow local users to obtain sensitive
  information by leveraging the ability to read memory that was previously
  used by a different process.

CVE-2011-0015 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015):
  Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly
  check the amount of compression in zlib-compressed data, which allows remote
  attackers to cause a denial of service via a large compression factor.
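
The compression-factor check that the CVE-2011-0015 summary describes as missing, sketched as an added example that is not part of this bug thread and is not Tor's code. The names and limits (`safe_decompress`, `MAX_RATIO`, `CHECK_AFTER`, `MAX_OUTPUT`, `CHUNK`) are assumptions chosen for illustration, and the sample inputs are constructed.

```python
import zlib

# Assumed limits for illustration; not values from Tor or from this report.
MAX_RATIO = 25            # largest tolerated output/input factor
CHECK_AFTER = 64 * 1024   # small outputs may legitimately compress very well
MAX_OUTPUT = 1024 * 1024  # absolute ceiling on decompressed size
CHUNK = 4096              # inflate in bounded steps so the limits apply early


class CompressionBomb(ValueError):
    """Input expands further than the configured limits allow."""


def safe_decompress(data: bytes) -> bytes:
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        # max_length bounds how much output a single call may produce.
        chunk = d.decompress(pending, CHUNK)
        if not chunk and not d.eof and len(d.unconsumed_tail) >= len(pending):
            raise ValueError("truncated zlib stream")  # no progress possible
        pending = d.unconsumed_tail
        out += chunk
        consumed = len(data) - len(pending)
        if len(out) > MAX_OUTPUT:
            raise CompressionBomb("output exceeds MAX_OUTPUT")
        # Judge the factor only once enough output exists to be meaningful.
        if len(out) >= CHECK_AFTER and len(out) > MAX_RATIO * consumed:
            raise CompressionBomb("compression factor exceeds MAX_RATIO")
    return bytes(out)


if __name__ == "__main__":
    # Constructed inputs: a small repetitive document and a highly
    # compressible blob of zero bytes.
    small = zlib.compress(b"router example 192.0.2.1 9001\n" * 100)
    print(len(safe_decompress(small)))
    blob = zlib.compress(b"\0" * (8 * 1024 * 1024))
    try:
        safe_decompress(blob)
    except CompressionBomb as exc:
        print("rejected:", exc)
```

The small document has a high compression factor but stays under `CHECK_AFTER`, so it is accepted; the zero-filled blob is rejected long before its full 8 MiB is materialised in memory.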
Comment 17 Tim Sammut (RETIRED) gentoo-dev 2011-10-14 23:30:59 UTC
CVE-2011-0427 lists possible remote code execution. Rerating B1.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2011-10-18 18:29:11 UTC
This issue was resolved and addressed in
 GLSA 201110-13 at http://security.gentoo.org/glsa/glsa-201110-13.xml
by GLSA coordinator Tim Sammut (underling).