Multiple Vulnerabilities found in Tor, allows a remote Hacking

TOR, an implementation of second generation Onion Routing, vulnerable to multiple vulnerabilities .  The critical one of which may allows a remote attacker to execute arbitrary code.

A remote attacker could possibly execute arbitrary code or cause a Denial of Service by exploiting the vulnerability. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user’s connection. According to the Gentoo Linux Advisory, the following vulnerabilities have been found in TOR:

  • When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
  • When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
  • An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

Researchers recommends TOR users to upgrade to latest version (0.2.2.35)

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s