Tor Unspecified Heap Based Buffer Overflow Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with Tor and is prone to heap based buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions. Impact level: Application

Solution

Upgrade to version 0.2.1.28 or 0.2.2.20-alpha or later http://www.torproject.org/download/download.html.en

Insight

The issue is caused by an unknown heap overflow error when processing user-supplied data, which can be exploited to cause a heap-based buffer overflow.

Affected

Tor version prior to 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha on Linux.

References

http://secunia.com/advisories/42536
http://www.vupen.com/english/advisories/2010/3290

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1676
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cscope Multiple Buffer Overflow vulnerability
Adobe Air Buffer Overflow Vulnerability (Mac OS X)
CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
Beatport Player '.m3u' File Buffer Overflow Vulnerability
Dell Webcam 'crazytalk4.ocx' ActiveX Multiple BOF Vulnerabilities

Take action and discover your vulnerabilities