Tor and Torsocks updates

John Newman jnn at synfin.org
Thu Oct 20 04:37:39 PDT 2016


> On Oct 20, 2016, at 7:26 AM, Georgi Guninski <guninski at guninski.com> wrote:
> 
>> On Thu, Oct 20, 2016 at 12:27:32AM -0400, grarpamp wrote:
>> For people using tor...
>> 
>> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>> https://lists.torproject.org/pipermail/tor-dev/2016-October/011579.html
> 
>    * Fix memcpy buffer overrun in gethostbyaddr()
>    * Fix memcpy() buffer overrun in gethostbyname()
> 
> 
> Modifications of these were exploitable at least 20 years ago ;)
> 
> Probably tor will have a hard time showing they are not exploitable,
> especially when they lack exploit imagination.
> 
> Did I troll that tor allows remote code execution? (Certainly).
> 

That's funny :). On the torsocks change list they just sort of blatantly slipped it in.

On the first link they actually seem to speak to it, although I think they underplay the implication:

"Major features (security fixes, also in 0.2.9.4-alpha):
Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001)."


John
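
The bug class named in the quoted release note (chunk contents handled as if they were a NUL-terminated string), as an added example that is not part of the original message and is not Tor's code. It assumes one defense for that class, zeroed sentinel bytes kept after each chunk's data area; `chunk_t`, `SENTINEL_LEN` and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SENTINEL_LEN 4  /* constructed value: zero bytes kept after the data area */

typedef struct chunk {
    size_t memlen;   /* capacity of mem[], not counting the sentinel */
    size_t datalen;  /* bytes of mem[] currently holding data */
    char mem[];      /* memlen data bytes followed by SENTINEL_LEN zero bytes */
} chunk_t;

/* Allocate a chunk whose data area is always followed by zero bytes. */
chunk_t *chunk_new(size_t memlen) {
    if (memlen > SIZE_MAX - sizeof(chunk_t) - SENTINEL_LEN)
        return NULL;                      /* size computation would wrap */
    chunk_t *c = malloc(sizeof(*c) + memlen + SENTINEL_LEN);
    if (c == NULL)
        return NULL;
    c->memlen = memlen;
    c->datalen = 0;
    memset(c->mem + memlen, 0, SENTINEL_LEN);
    return c;
}

/* Copy in at most the free space, so the sentinel is never overwritten. */
size_t chunk_append(chunk_t *c, const void *src, size_t n) {
    size_t room = c->memlen - c->datalen;
    if (n > room)
        n = room;
    memcpy(c->mem + c->datalen, src, n);
    c->datalen += n;
    return n;
}

/* Correct access: bounded by datalen, no assumption about terminators. */
long chunk_find_byte(const chunk_t *c, char ch) {
    const char *p = memchr(c->mem, ch, c->datalen);
    return p ? (long)(p - c->mem) : -1;
}

/* The bug class: a caller treats chunk data as a C string. On a full chunk
 * with no NUL in the data, the scan ends at the sentinel instead of running
 * past the allocation. */
size_t chunk_strlen_as_cstring(const chunk_t *c) {
    return strlen(c->mem);
}
```

The sentinel only bounds what a mistaken string call can read; the length-bounded access in `chunk_find_byte` is still the correct form for callers.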