1) An error exists when parsing certain malformed router descriptors and can be exploited to crash Tor via specially crafted router descriptors.
2) An error within the "connection_edge_process_relay_cell_not_open()" function in src/or/relay.c can be exploited by malicious exit relays to spoof that a client's DNS request resolves to an internal IP address.
The vulnerabilities are reported in versions prior to 0.2.0.35. Other versions may also be affected.
Dear arches, please stabilise
Target KEYWORDS="amd64 ppc ppc64 sparc x86 ~x86-fbsd"
x86 already done.
This also affects net-misc/tor-0.2.1.15_rc which was hard masked in the tree...now also bumped
Tor before 0.2.0.35 allows remote attackers to cause a denial of
service (application crash) via a malformed router descriptor.
The connection_edge_process_relay_cell_not_open function in
src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before
0.1.2.8-beta allows exit relays to have an unspecified impact by
causing controllers to accept DNS responses that redirect to an
internal IP address via unknown vectors. NOTE: some of these details
are obtained from third party information.
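One way a client could guard against the DNS-answer issue described above, as an added example that is not from this bug thread or from Tor's source: an IPv4 answer supplied by a remote relay is refused when it falls in an unspecified, private, loopback or link-local range. The names `is_internal_ipv4` and `accept_resolved_answer` and the range list are assumptions for illustration; IPv6 is not covered.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>

/* One CIDR block; net is in host byte order. */
struct cidr { uint32_t net; int bits; };

/* Ranges that should never be the answer to a name resolved through
 * a remote exit (hypothetical list chosen for this example). */
static const struct cidr internal_nets[] = {
    { 0x00000000u,  8 },  /* 0.0.0.0/8      unspecified  */
    { 0x0A000000u,  8 },  /* 10.0.0.0/8     RFC 1918     */
    { 0x7F000000u,  8 },  /* 127.0.0.0/8    loopback     */
    { 0xA9FE0000u, 16 },  /* 169.254.0.0/16 link-local   */
    { 0xAC100000u, 12 },  /* 172.16.0.0/12  RFC 1918     */
    { 0xC0A80000u, 16 },  /* 192.168.0.0/16 RFC 1918     */
};

/* Returns 1 if addr (host byte order) lies in one of the ranges above. */
int is_internal_ipv4(uint32_t addr)
{
    size_t i;
    for (i = 0; i < sizeof(internal_nets) / sizeof(internal_nets[0]); i++) {
        /* bits is always 8..16 here, so the shift is well defined. */
        uint32_t mask = 0xFFFFFFFFu << (32 - internal_nets[i].bits);
        if ((addr & mask) == internal_nets[i].net)
            return 1;
    }
    return 0;
}

/* Decide whether a relay-supplied answer may be handed to the application.
 * Returns 1 to accept, 0 to reject. Anything that does not parse as a
 * dotted-quad IPv4 address is rejected rather than passed through. */
int accept_resolved_answer(const char *answer)
{
    struct in_addr in;
    if (answer == NULL || inet_pton(AF_INET, answer, &in) != 1)
        return 0;
    return !is_internal_ipv4(ntohl(in.s_addr));
}
```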
Marked ppc stable, closing since we're the last arch.
(In reply to comment #7)
> Marked ppc stable, closing since we're the last arch.
Please don't close security bugs after stabling, thanks :)
GLSA voting: NO.
NO, too. Closing.