|
|
|
|
08-29-2006, 09:36 PM
|
#1 |
More Tor bug updates
The short version:
Upgrade to 0.1.1.23. Impact: A malicious entry node (the first Tor server in your path) can route traffic through your Tor client as though you're a server. It can only route traffic to other Tor servers though -- it can't induce any "exit" connections. Versions affected: All versions of Tor in the 0.1.0.x series earlier than 0.1.0.18. All versions of Tor in the 0.1.1.x series earlier than 0.1.1.23. The experimental snapshot 0.1.2.1-alpha-cvs. Solution: Upgrade to at least Tor 0.1.1.23. If you absolutely must stay with the 0.1.0.x series, I've put a patched tarball for the old 0.1.0.x series at: http://tor.eff.org/dist/tor-0.1.0.18.tar.gz http://tor.eff.org/dist/tor-0.1.0.18.tar.gz.asc More details: There is a bug in older versions of Tor that allows a hostile Tor server to crash your Tor process, or route traffic through your client to the Tor network as though it were a server. To exploit this bug, an attacker needs to be or compromise the first Tor server in one of your circuits. (Other Tor servers on your path can't do it.) This is a client-only bug; servers are not affected. If you didn't upgrade when we released 0.1.1.23 and said "you should upgrade"... you should upgrade. We'll write a more detailed advisory in a little while, after more people have upgraded. --Roger TwistyCreek |
|
|
 |
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Re: Question about MS critical updates | juhu | A+ Certification | 2 | 07-05-2004 01:28 PM |
| Re: Question about MS critical updates | John Coode | A+ Certification | 0 | 06-30-2004 06:08 PM |
| Re: Question about MS critical updates | juhu | A+ Certification | 0 | 06-30-2004 03:12 PM |
| Re: Question about MS critical updates | Chris | A+ Certification | 1 | 06-30-2004 01:59 PM |
| Re: Question about MS critical updates | John Loop | A+ Certification | 0 | 06-30-2004 01:09 PM |
