CVE-2011-2768

Related Files

Mandriva Linux Security Advisory 2013-132

Posted Apr 11, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-132 - Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. Various other vulnerabilities have been addressed.

tags | advisory, remote, vulnerability

systems | linux, mandriva

advisories | CVE-2011-2768, CVE-2011-2769, CVE-2012-3517, CVE-2012-3518, CVE-2012-3519, CVE-2012-4419, CVE-2012-5573

SHA-256 | 5ee102c8464d210c11eb70256fe5f9fdeb5edd501b3b5eb68b0590a9bb1f0ee1

Download | Favorite | View

Gentoo Linux Security Advisory 201201-12

Posted Jan 24, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-12 - Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Versions less than 0.2.2.35 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2011-2768, CVE-2011-2769, CVE-2011-2778

SHA-256 | 943ff2286887d1ad7d1647d5bebba8ac436407869da417fc7f1de689f9ecd0bf

Download | Favorite | View

TOR Virtual Network Tunneling Tool 0.2.2.34

Posted Nov 3, 2011

Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users. Everybody should upgrade. This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays.

tags | tool, remote, local, peer2peer

systems | unix

advisories | CVE-2011-2768

SHA-256 | a027a535b35e5f9ca7091e4c83a06b4be48f0f95d6906bdd467ccc0659e7e798

Download | Favorite | View

Debian Security Advisory 2331-1

Posted Oct 28, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2331-1 - It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user.

tags | advisory

systems | linux, debian

advisories | CVE-2011-2768, CVE-2011-2769

SHA-256 | 8b1672be4f3678af70341ab391fb0860e4fa8be12f8eab0fcba0112843133bf1

Download | Favorite | View