SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Tor Vendors:   tor.eff.org
Tor ControlPort Authentication Bug Lets Remote Users Modify the 'torrc' Configuration File
SecurityTracker Alert ID:  1018510
SecurityTracker URL:  http://securitytracker.com/id/1018510
CVE Reference:   CVE-2007-4174   (Links to External Site)
Updated:  Sep 4 2007
Original Entry Date:  Aug 6 2007
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.1.2.16
Description:   A vulnerability was reported in Tor. A remote user can overwrite the configuration file.

The system does not properly close unauthenticated control port connections. A remote user (web site or Tor exit node) can supply a specially crafted POST element to cause the target user's browser to connect to the control port via the localhost and modify the 'torrc' configuration file in certain cases.

This can be exploited to compromise the anonymity of Tor users.

The vulnerability resides in 'or/control.c'.

Kyle Williams and Martin Peck reported this vulnerability.

The system is only affected if the 'ControlPort' feature is enabled.
Impact:   A remote user can modify the configuration file.
Solution:   The vendor has issued a fixed version (0.1.2.16).

The Tor advisory is available at:

http://archives.seul.org/or/announce/Sep-2007/msg00000.html
Vendor URL:  tor.eff.org/ (Links to External Site)
Cause:   Access control error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents
Date:  Thu, 2 Aug 2007 18:19:18 -0400
Subject:  Tor 0.1.2.16 is released

Tor 0.1.2.16 fixes a critical security vulnerability that allows a
remote attacker in certain situations to rewrite the user's torrc
configuration file. This can completely compromise anonymity of users
in most configurations, including those running the Vidalia bundles,
TorK, etc. Or worse.

Users who do not have ControlPort enabled are secure; if you are not
sure, you should upgrade and you should probably overwrite your torrc
file with the default when you upgrade. More details will be posted over
the next few days.

https://tor.eff.org/download.html

We have Vidalia bundles for OS X Tiger on the website now. The recommended
workaround for Windows users is either to wait until we have a Vidalia
bundle ready, or do separate installs of the Win32 "expert" package from
https://tor.eff.org/download-windows
and the Windows Vidalia-only package from
http://vidalia-project.net/download.php

Changes in version 0.1.2.16 - 2007-08-01
  o Major security fixes:
    - Close immediately after missing authentication on control port;
      do not allow multiple authentication attempts.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC