what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2011-2768

Status Candidate

Overview

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.

Related Files

Mandriva Linux Security Advisory 2013-132
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-132 - Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. Various other vulnerabilities have been addressed.

tags | advisory, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2768, CVE-2011-2769, CVE-2012-3517, CVE-2012-3518, CVE-2012-3519, CVE-2012-4419, CVE-2012-5573
SHA-256 | 5ee102c8464d210c11eb70256fe5f9fdeb5edd501b3b5eb68b0590a9bb1f0ee1
Gentoo Linux Security Advisory 201201-12
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-12 - Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Versions less than 0.2.2.35 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2768, CVE-2011-2769, CVE-2011-2778
SHA-256 | 943ff2286887d1ad7d1647d5bebba8ac436407869da417fc7f1de689f9ecd0bf
TOR Virtual Network Tunneling Tool 0.2.2.34
Posted Nov 3, 2011
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users. Everybody should upgrade. This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-2768
SHA-256 | a027a535b35e5f9ca7091e4c83a06b4be48f0f95d6906bdd467ccc0659e7e798
Debian Security Advisory 2331-1
Posted Oct 28, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2331-1 - It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user.

tags | advisory
systems | linux, debian
advisories | CVE-2011-2768, CVE-2011-2769
SHA-256 | 8b1672be4f3678af70341ab391fb0860e4fa8be12f8eab0fcba0112843133bf1
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close