770017 – (CVE-2011-4896) CVE-2011-4896 Tor Bridge information disclosure

Bug 770017 (CVE-2011-4896) - CVE-2011-4896 Tor Bridge information disclosure

Summary: CVE-2011-4896 Tor Bridge information disclosure

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2011-4896
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	771512 771513
Blocks:	885973
TreeView+	depends on / blocked

Reported:	2011-12-23 02:45 UTC by Kurt Seifried
Modified:	2019-09-29 12:49 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-03-26 15:07:43 UTC
Embargoed:

Attachments	(Terms of Use)

Description Kurt Seifried 2011-12-23 02:45:45 UTC

https://blog.torproject.org/blog/tor-02224-alpha-out

Tor before 0.2.2.24-alpha continues to use a reachable bridge that was
previously configured but is not currently configured, which might
allow remote attackers to obtain sensitive information about clients
in opportunistic circumstances by monitoring network traffic to the
bridge port.

Comment 1 Vincent Danen 2012-01-03 22:59:31 UTC

Created tor tracking bugs for this issue

Affects: fedora-all [bug 771512]
Affects: epel-all [bug 771513]

Comment 2 Vincent Danen 2013-03-26 15:07:43 UTC

Current EPEL and Fedora provide 0.2.3.25 which includes this fix.

Note You need to log in before you can comment on or make changes to this bug.