SecurityTracker.com
Category:   Application (Generic)  >   Tor
Vendors:   tor.eff.org
Tor ControlPort Authentication Bug Lets Remote Users Modify the 'torrc' Configuration File
SecurityTracker Alert ID:  1018510
SecurityTracker URL:  http://securitytracker.com/id/1018510
CVE Reference:   CVE-2007-4174
Updated:  Sep 4 2007
Original Entry Date:  Aug 6 2007
Impact:   Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 0.1.2.16
Description:   A vulnerability was reported in Tor. A remote user can overwrite the configuration file.

The system does not properly close unauthenticated control port connections. A remote user (a web site or a Tor exit node) can supply a specially crafted POST element that causes the target user's browser to connect to the control port via localhost and, in certain cases, modify the 'torrc' configuration file.

This can be exploited to compromise the anonymity of Tor users.

The vulnerability resides in 'or/control.c'.

Kyle Williams and Martin Peck reported this vulnerability.

The system is only affected if the 'ControlPort' feature is enabled.

Impact:   A remote user can modify the configuration file.
Solution:   The vendor has issued a fixed version (0.1.2.16).

The Tor advisory is available at:

http://archives.seul.org/or/announce/Sep-2007/msg00000.html
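
The two conditions stated in this entry (a version prior to 0.1.2.16 and an enabled 'ControlPort') can be checked on a host with a short script. The following is an added example, not part of the original advisory or of Tor itself; the function names, the simplified torrc parsing rules and the sample input are assumptions made for illustration.

```python
import re

FIXED = (0, 1, 2, 16)  # first fixed release named in this entry


def parse_tor_version(text):
    """Extract the four numeric components from e.g. 'Tor version 0.1.2.15.'.

    Assumption: suffixes such as '-alpha' or '-rc' are ignored.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Tor version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def control_port_enabled(torrc_text):
    """True if any active ControlPort line sets a value other than 0.

    Simplified parsing (assumption): '#' starts a comment, option names
    are matched case-insensitively, and the value 0 means disabled.
    """
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "controlport":
            if parts[1].strip() != "0":
                return True
    return False


def is_exposed(version_text, torrc_text):
    """Both conditions from the entry: old version AND ControlPort enabled."""
    # Tuple comparison is numeric, so 0.1.2.9 correctly sorts before 0.1.2.16.
    return parse_tor_version(version_text) < FIXED and control_port_enabled(torrc_text)


# Constructed sample input, not taken from a real system.
SAMPLE_TORRC = """\
SocksPort 9050
# ControlPort 9051   (commented out, so not active)
controlport 9051
"""

if __name__ == "__main__":
    print(is_exposed("Tor version 0.1.2.15.", SAMPLE_TORRC))
```

Feed it the output of `tor --version` and the contents of the active torrc; a True result means the host should be upgraded to the fixed version.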

Vendor URL:  tor.eff.org/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.



Copyright 2021, SecurityGlobal.net LLC