Bug 485021 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939)

Summary: tor: multiple security fixes in 0.2.0.34 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939)
Product: [Other] Security Response
Component: vulnerability
Reporter: Tomas Hoger <thoger>
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: rh-bugzilla, vdanen
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-12-04 21:00:41 UTC

Description Tomas Hoger 2009-02-11 07:19:27 UTC
Quoting tor 0.2.0.34 release announcement:

Security fixes:

    * Fix an infinite-loop bug on handling corrupt votes under certain
      circumstances. Bugfix on 0.2.0.8-alpha.
    * Fix a temporary DoS vulnerability that could be performed by
      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
    * Avoid a potential crash on exit nodes when processing malformed
      input. Remote DoS opportunity. Bugfix on 0.2.0.33.
    * Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
      Spec conformance issue. Bugfix on Tor 0.0.2pre27.

https://blog.torproject.org/blog/tor-0.2.0.34-stable-released
http://archives.seul.org/or/announce/Feb-2009/msg00000.html

Comment 1 Tomas Hoger 2009-02-13 16:08:42 UTC
*** Bug 485439 has been marked as a duplicate of this bug. ***

Comment 2 Vincent Danen 2009-02-13 16:16:36 UTC
*** Bug 485441 has been marked as a duplicate of this bug. ***

Comment 3 Vincent Danen 2009-02-13 16:17:13 UTC
*** Bug 485442 has been marked as a duplicate of this bug. ***

Comment 4 Tomas Hoger 2009-03-18 07:41:08 UTC
CVE-2009-0936:
Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to
cause a denial of service (infinite loop) via "corrupt votes."

CVE-2009-0937:
Unspecified vulnerability in Tor before 0.2.0.34 allows directory
mirrors to cause a denial of service via unknown vectors.

CVE-2009-0938:
Unspecified vulnerability in Tor before 0.2.0.34 allows directory
mirrors to cause a denial of service (exit node crash) via "malformed
input."

CVE-2009-0939:
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which
has unknown impact and attack vectors related to "Spec conformance,"
as demonstrated using 192.168.0.

Comment 5 Vincent Danen 2009-12-04 21:00:41 UTC
All current versions of Fedora have tor 0.2.0.35 or higher so this does not affect Fedora.