exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2011-2778

Status Candidate

Overview

Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.

Related Files

Gentoo Linux Security Advisory 201201-12
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-12 - Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Versions less than 0.2.2.35 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2768, CVE-2011-2769, CVE-2011-2778
SHA-256 | 943ff2286887d1ad7d1647d5bebba8ac436407869da417fc7f1de689f9ecd0bf
TOR Virtual Network Tunneling Tool 0.2.2.35
Posted Dec 18, 2011
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a critical heap overflow security issue in Tor's buffers code. Absolutely everybody should upgrade. The bug relied on an incorrect calculation when making data continuous in one of the IO buffers, if the first chunk of the buffer was misaligned by just the wrong amount. The miscalculation would allow an attacker to overflow a piece of heap-allocated memory. Various other fixes and enhancements are included in this release.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-2778
SHA-256 | f141a41fffd31494a0f96ebbb6b999eab33ce62d5c31f81222a0acd034adbf3a
Debian Security Advisory 2363-1
Posted Dec 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2363-1 - It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-2778
SHA-256 | 4d93cff7109a53fbb65bb80344ad915bb382f8e6a33706536441d657c78827c1
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close