Tor Directory Authority 'policy_summarize' Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with Tor and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions. Impact level: Application

Solution

Upgrade to Tor version 0.2.1.30 or later http://www.torproject.org/download/download.html.en

Insight

The flaw is caused by an boundary error within the policy_summarize function in Tor, which can be exploited to crash a Tor directory authority.

Affected

Tor version prior to 0.2.1.30 on Windows.

References

http://secunia.com/advisories/43548

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1924
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
Django Forms Library Algorithmic Complexity Vulnerability
F-Secure Policy Manager Server fsmsh.dll module DoS
Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
Connect back to SOCKS4 server

Tor Directory Authority 'policy_summarize' Denial of Service Vulnerability (Windows)

Take action and discover your vulnerabilities