[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher

To: undisclosed-recipients:;
Subject: [tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Mon, 01 Nov 2010 21:03:03 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 01 Nov 2010 17:03:15 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2151: Security Hole: FTP and Gopher
-----------------------------+----------------------------------------------
 Reporter:  johndoe32102002  |       Owner:  mikeperry       
     Type:  defect           |      Status:  new             
 Priority:  critical         |   Milestone:                  
Component:  Torbutton        |     Version:  Torbutton: 1.2.5
 Keywords:                   |      Parent:                  
-----------------------------+----------------------------------------------
 In TorButton's Preferences, the programmer left out FTP and Gopher
 settings.  This is a security hole because a malicious webserver/user can
 post a gopher or ftp link on a website or onion site visited through TOR
 and expose the user's external IP address.

 Patch: A patch must be released that updates FTP and Gopher with a null
 proxy, such as 127.0.0.1:1 (and have the TorButton ensure no service is
 running on the null port).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2151>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #2081 [Tor Client]: Remove restriction to not send relay_early for rend circs
Next by Author: Re: [tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher
Previous by thread: Re: [tor-bugs] #1859 [Tor Client]: Using 'mytorexitnode.exit' request when mytorexitnode is both exit and client
Next by thread: Re: [tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher
Index(es):
- Author
- Thread