Monday, May 29, 2017
Home / Security / Tor: Containing Multiple Vulnerabilities

Tor: Containing Multiple Vulnerabilities

“Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.”

What is arbitrary code? and how can it effect the user?

Basically an attacker can run/do anything they want to a system that is running Tor. Basically can take control of your computer, by backdooring or other techniques. Suggestions would be not to use tor until it is patched.

What versions of tor is this effecting?

The latest version: 0.2.2.35

Gentoo Linux says there is no work around at this time, hopefully Tor will come out with a patch for this soon.

Other vulnribilites found in tor:

Multiple vulnerabilities have been discovered in Tor:

When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …

  • Shpook,I agree with your theory that aknimg software secure by design is much better than test software for vulnerabilities, but in my opinion this is just a theory, not more than that. Until software is secure, what would you do if you were a webmaster running Apache, PHP, MYSQL and a few ready made blog, forum, cms packages? would you fix the bugs? How? Isn’t it easier to run a watchdog that will tell you when something is wrong?