Tor and Torsocks updates
Georgi Guninski
guninski at guninski.com
Thu Oct 20 04:26:16 PDT 2016
On Thu, Oct 20, 2016 at 12:27:32AM -0400, grarpamp wrote:
> For people using tor...
>
> https://blog.torproject.org/blog/tor-0289-released-important-fixes
> https://lists.torproject.org/pipermail/tor-dev/2016-October/011579.html
* Fix memcpy buffer overrun in gethostbyaddr()
* Fix memcpy() buffer overrun in gethostbyname()
Modifications of these were exploitable at least 20 years ago ;)
Probably tor will have hard time showing they are not exploitable,
especially when they lack exploit imagination.
Did I troll that tor allows remote code execution? (Certainly).
More information about the cypherpunks
mailing list