“Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.”
What is arbitrary code? and how can it effect the user?
Basically an attacker can run/do anything they want to a system that is running Tor. Basically can take control of your computer, by backdooring or other techniques. Suggestions would be not to use tor until it is patched.
What versions of tor is this effecting?
The latest version: 0.2.2.35
Gentoo Linux says there is no work around at this time, hopefully Tor will come out with a patch for this soon.
Other vulnribilites found in tor:
Multiple vulnerabilities have been discovered in Tor:
When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).
Shpook,I agree with your theory that aknimg software secure by design is much better than test software for vulnerabilities, but in my opinion this is just a theory, not more than that. Until software is secure, what would you do if you were a webmaster running Apache, PHP, MYSQL and a few ready made blog, forum, cms packages? would you fix the bugs? How? Isn’t it easier to run a watchdog that will tell you when something is wrong?