Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 434882 (CVE-2012-4419) - <net-misc/tor-0.2.2.39 : Denial of Service (CVE-2012-{4419,4922})
Summary: <net-misc/tor-0.2.2.39 : Denial of Service (CVE-2012-{4419,4922})
Status: RESOLVED FIXED
Alias: CVE-2012-4419
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-13 09:40 UTC by Agostino Sarubbo
Modified: 2013-01-09 00:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-09-13 09:40:17 UTC
From oss-security:

Hi,
from the tor release notes[0]:
Changes in version 0.2.2.39 - 2012-09-11
  Tor 0.2.2.39 fixes two more opportunities for remotely triggerable 
  assertions.

  o Security fixes:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
    - Do not crash when comparing an address with port value 0 to an
      address policy. This bug could have been used to cause a remote
      assertion failure by or against directory authorities, or to
      allow some applications to crash clients. Fixes bug 6690; bugfix
      on 0.2.1.10-alpha.

I have not seen CVE ids for these issues.
Can you assign ids for them?

[0] https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
Comment 1 Agostino Sarubbo gentoo-dev 2012-09-14 14:53:27 UTC
Is ok to stabilize 0.2.2.39 ?
Comment 2 Anthony Basile gentoo-dev 2012-09-15 01:45:47 UTC
Please begin stabilization.  I'll take care of arm/ppc/ppc64


TARGET: amd64 arm  ppc ppc64 sparc x86
Comment 3 Anthony Basile gentoo-dev 2012-09-15 02:06:48 UTC
stable arm ppc ppc64
Comment 4 Agostino Sarubbo gentoo-dev 2012-09-15 10:20:19 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2012-09-15 10:22:14 UTC
amd64 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2012-09-15 18:01:25 UTC
sparc stable
Comment 7 Agostino Sarubbo gentoo-dev 2012-09-15 19:27:15 UTC
Thanks everyone, @security, please vote.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-16 14:00:11 UTC
CVE-2012-4922 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4922):
  The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x
  before 0.2.3.22-rc, does not properly validate time values, which allows
  remote attackers to cause a denial of service (assertion failure and daemon
  exit) via a malformed directory object, a different vulnerability than
  CVE-2012-4419.

CVE-2012-4419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4419):
  The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before
  0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a
  denial of service (assertion failure and daemon exit) via a zero-valued port
  field that is not properly handled during policy comparison.
Comment 9 Sean Amoss gentoo-dev Security 2012-09-19 10:40:10 UTC
GLSA vote: yes.
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2012-09-20 23:40:53 UTC
GLSA Vote: yes. Added to existing request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2013-01-09 00:29:38 UTC
This issue was resolved and addressed in
 GLSA 201301-03 at http://security.gentoo.org/glsa/glsa-201301-03.xml
by GLSA coordinator Sean Amoss (ackle).