Bug 705192 (CVE-2011-1924) - CVE-2011-1924 tor: remote DoS fixed in 0.2.1.30
Summary: CVE-2011-1924 tor: remote DoS fixed in 0.2.1.30
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2011-1924
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 671263 705193 705194
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-16 22:20 UTC by Vincent Danen
Modified: 2019-09-29 12:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-05-31 03:14:18 UTC
Embargoed:


Attachments (Terms of Use)

Description Vincent Danen 2011-05-16 22:20:41 UTC
A vulnerability in Tor was reported [1] that could allow a malicious remote attacker to cause a denial of service.  This vulnerability is due to a boundary error within the policy_summarize() function in src/or/policies.c which can be exploited to crash a Tor directory authority.

Upstream announced the release of 0.2.1.30 [2] that is noted to correct this flaw.

[1] http://secunia.com/advisories/43548/
[2] https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html

Comment 1 Vincent Danen 2011-05-16 22:21:38 UTC
Created tor tracking bugs for this issue

Affects: fedora-13 [bug 705193]
Affects: fedora-14 [bug 705194]
Affects: epel-5 [bug 671263]

Comment 2 Vincent Danen 2011-05-17 04:03:49 UTC
The upstream fix is here:

https://gitweb.torproject.org/tor.git/commitdiff/43414eb98821d3b5c6c65181d7545ce938f82c8e

Comment 3 Vincent Danen 2011-05-17 23:40:48 UTC
This was assigned CVE-2011-1924.

Comment 4 Paul Wouters 2013-05-31 03:14:18 UTC
fixed long time ago


Note You need to log in before you can comment on or make changes to this bug.