Re: Attacking the Tor Control Port with Java

On Wed, Oct 10, 2007 at 12:59:56AM -0500, Gregory Fleischer (Lists) wrote:
> On 3 October 2007, Sun announced several critical security updates for
> the Java Runtime Environment at [1].  In particular, [2] describes how
> network access restrictions can be circumvented to connect to
> arbitrary hosts by utilizing DNS rebinding.
> Java exposes a programmatic sockets interface, and a malicious applet
> can construct properly formed control port commands.  If the control
> port is enabled with the NULL authentication and accessible to the web
> browser, the malicious applet can authenticate and send arbitrary
> commands.

Fun stuff. I suspected something like this would be possible.

This is why all the Tor users out there should run Tor (released
Aug 30 2007) or or later (released Aug 26 2007).

Let us know if you find an attack that works on these versions. :)

> To summarize, Tor users with the following conditions may be at risk:
>   - vulnerable version of Java enabled in web browser

If you're running vulnerable versions of Java, you may well be screwed
for other reasons. Another good reason for us to get the dev version of
Torbutton into good shape.
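
The condition named in the quoted advisory, a control port enabled with NULL authentication, can be checked in a torrc. The following is an added example, not part of the original message or of Tor's own code; the sample configurations are constructed, the function names are hypothetical, and `%include` files and backslash line continuations are assumed absent.

```python
# Added example: flag a torrc whose control port accepts NULL authentication.

def parse_torrc(text):
    """Return {lowercased option: [values in file order]} for torrc text."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                   # option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(key, []).append(value)
    return opts

def control_port_findings(text):
    """Return a list of findings; empty means no unauthenticated control port."""
    opts = parse_torrc(text)
    # "ControlPort 0" (or no ControlPort line) leaves the control port disabled.
    ports = [v for v in opts.get("controlport", []) if v not in ("", "0")]
    if not ports:
        return []
    # The last CookieAuthentication line wins; the default is 0.
    cookie = opts.get("cookieauthentication", ["0"])[-1] == "1"
    # Any non-empty HashedControlPassword line enables password authentication.
    password = any(opts.get("hashedcontrolpassword", []))
    if cookie or password:
        return []
    return ["ControlPort %s accepts NULL authentication" % ", ".join(ports)]

# Constructed sample configurations.
NULL_AUTH = "SocksPort 9050\nControlPort 9051  # enabled for a controller\n"
COOKIE = "ControlPort 9051\nCookieAuthentication 1\n"
PASSWORD = "controlport 9051\nHashedControlPassword 16:PLACEHOLDER_HASH\n"
DISABLED = "ControlPort 0\n#ControlPort 9051\n"

if __name__ == "__main__":
    for name, cfg in [("null", NULL_AUTH), ("cookie", COOKIE),
                      ("password", PASSWORD), ("disabled", DISABLED)]:
        print(name, control_port_findings(cfg) or "ok")
```

Binding the control port to loopback does not change the result, because the advisory's scenario has the connection originate from the user's own browser.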