#VU44434 Permissions, Privileges, and Access Controls in Tor - CVE-2011-2768

Cybersecurity Help s.r.o.

Published: 2011-12-23 | Updated: 2020-08-11

Vulnerability identifier: #VU44434

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-2768

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tor
Client/Desktop applications / Web browsers

Vendor: tor.eff.org

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Tor: 0.0.2 - 0.2.2.32

External links
https://www.debian.org/security/2011/dsa-2331
https://blog.torproject.org/blog/tor-02234-released-security-patches

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Tor

Multiple vulnerabilities in tor.eff Tor