Информационная безопасность
[RU] switch to English


Уязвимости безопасности в tor
Опубликовано:18 сентября 2012 г.
Источник:
SecurityVulns ID:12589
Тип:удаленная
Уровень опасности:
5/10
Описание:Различные DoS-условия, утека информации.
Затронутые продукты:TOR : tor 0.2
CVE:CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.)
 CVE-2012-3519 (routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack.)
 CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2548-1] tor security update (18.09.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород