Re: [tor-bugs] #5402 [Tor Client]: #5090 allows post-auth heap overflow
#5402: #5090 allows post-auth heap overflow
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by nickm):
Replying to [ticket:5402 arma]:
> Fortunately, it looks like it can only be triggered once you've
> authenticated to the control port (in which case you can already screw the
> user) or if you can edit the torrc file (same). So it's not harmful.

This line of reasoning is mostly true, but there are exceptions. For
example, suppose that somebody has made a custom-built controller or
torrc-generator program that accepts potentially hostile input but doesn't
escape it correctly before passing it to Tor. I don't know of any such
programs in use, but if there are, that would be one way to exploit this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5402#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online