Bug 485021 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939) - tor: multiple security fixes in 0.2.0.34 (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939)
Summary: tor: multiple security fixes in 0.2.0.34 (CVE-2009-0936, CVE-2009-0937, CVE-2...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2009-0936, CVE-2009-0937, CVE-2009-0938, CVE-2009-0939
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 485439 485441 485442 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-02-11 07:19 UTC by Tomas Hoger
Modified: 2009-12-04 21:00 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-12-04 21:00:41 UTC


Attachments (Terms of Use)

Description Tomas Hoger 2009-02-11 07:19:27 UTC
Quoting tor 0.2.0.34 release announcement:

Security fixes:

    * Fix an infinite-loop bug on handling corrupt votes under certain
      circumstances. Bugfix on 0.2.0.8-alpha.
    * Fix a temporary DoS vulnerability that could be performed by
      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
    * Avoid a potential crash on exit nodes when processing malformed
      input. Remote DoS opportunity. Bugfix on 0.2.0.33.
    * Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
      Spec conformance issue. Bugfix on Tor 0.0.2pre27.

https://blog.torproject.org/blog/tor-0.2.0.34-stable-released
http://archives.seul.org/or/announce/Feb-2009/msg00000.html

Comment 1 Tomas Hoger 2009-02-13 16:08:42 UTC
*** Bug 485439 has been marked as a duplicate of this bug. ***

Comment 2 Vincent Danen 2009-02-13 16:16:36 UTC
*** Bug 485441 has been marked as a duplicate of this bug. ***

Comment 3 Vincent Danen 2009-02-13 16:17:13 UTC
*** Bug 485442 has been marked as a duplicate of this bug. ***

Comment 4 Tomas Hoger 2009-03-18 07:41:08 UTC
CVE-2009-0936:
Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to
cause a denial of service (infinite loop) via "corrupt votes."

CVE-2009-0937:
Unspecified vulnerability in Tor before 0.2.0.34 allows directory
mirrors to cause a denial of service via unknown vectors.

CVE-2009-0938:
Unspecified vulnerability in Tor before 0.2.0.34 allows directory
mirrors to cause a denial of service (exit node crash) via "malformed
input."

CVE-2009-0939:
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which
has unknown impact and attack vectors related to "Spec conformance,"
as demonstrated using 192.168.0.

Comment 5 Vincent Danen 2009-12-04 21:00:41 UTC
All current versions of Fedora hae tor 0.2.0.35 or higher so this does not affect Fedora.


Note You need to log in before you can comment on or make changes to this bug.