#VU8851 Information disclosure in Tor - CVE-2017-0380

Cybersecurity Help s.r.o.

Published: 2017-10-09 | Updated: 2017-10-17

Vulnerability identifier: #VU8851

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-0380

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tor
Client/Desktop applications / Web browsers

Vendor: tor.eff.org

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in the rend_service_intro_established() function in 'or/rendservice.c due to the system may log uninitialized stack contents when a certain hidden service error occurs while SafeLogging is disabled. A remote attacker can use an error message about the construction of an introduction point circuit and gain access to potentially sensitive information from uninitialized stack memory.

Mitigation
The vulnerability is addressed in the following versions: 0.2.8.15, 0.2.9.12, 0.3.0.11.

Vulnerable software versions

Tor: 0.2.8.1 - 0.3.2.1

External links
https://blog.torproject.org/new-tor-stable-releases-02815-02912-03011-fix-onion-service-security-iss...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Information disclosure in Tor

Information disclosure in tor (Alpine package)

Debian update for tor