Details of VAR-201208-0157

ID

VAR-201208-0157

CVE

CVE-2012-3517

TITLE

Tor of dns.c Denial of service in Japan ( Daemon crash ) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-003893

DESCRIPTION

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. Tor (The Onion Router) is an implementation of the second generation of onion routing, which allows users to communicate anonymously over the Internet. Tor has a remote vulnerability in its implementation. Multiple denial-of-service vulnerabilities. 2. An information-disclosure vulnerability. 3. An out-of-bounds memory-access vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:132 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : tor Date : April 10, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated tor package fixes security vulnerabilities: Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected (CVE-2011-2768). Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values (CVE-2011-2769). routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack (CVE-2012-3519). Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed it to add bytes to the input buffer, allowing a crash to be caused remotely (tor-5934, tor-6007). The version of Tor shipped in MBS1 did not have correctly formed systemd unit and thus failed to start. This updated version corrects this problem and restores working behaviour. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573 https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0276 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0356 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 8cadc920e4452cd2a3551a3cb01d9fcf mbs1/x86_64/tor-0.2.2.39-1.mbs1.x86_64.rpm 7cbba7170bc4f9e6ee8409398437570c mbs1/SRPMS/tor-0.2.2.39-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVsDmqjQ0CJFipgRAm9IAJ9tYUVrI7u2V+7yJGNLn2OVMdOzcACgyrhf PUIroe88x4NDpj7AUyd2YP8= =x4YG -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Tor: Multiple vulnerabilities Date: January 08, 2013 Bugs: #432188, #434882, #444804 ID: 201301-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Tor, allowing attackers to cause Denial of Service or obtain sensitive information. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Tor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.3.25" References ========== [ 1 ] CVE-2012-3517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3517 [ 2 ] CVE-2012-3518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3518 [ 3 ] CVE-2012-3519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3519 [ 4 ] CVE-2012-4419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4419 [ 5 ] CVE-2012-4922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4922 [ 6 ] CVE-2012-5573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5573 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201301-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2012-3517 // JVNDB: JVNDB-2012-003893 // CNVD: CNVD-2012-4470 // BID: 55128 // PACKETSTORM: 121258 // PACKETSTORM: 119351

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-4470

AFFECTED PRODUCTS

vendor:	tor	model:	tor	scope:	lte	version:	0.2.2.37	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.37	Trust: 0.9
vendor:	the tor	model:	tor	scope:	lt	version:	0.2.2.38	Trust: 0.8
vendor:	tor	model:	tor	scope:	eq	version:	0.2.x	Trust: 0.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.225	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.224	Trust: 0.3
vendor:	tor	model:	.21-alpha	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	.20-alpha	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	.19-alpha	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	.18-alpha	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	.17-alpha	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	.16-alpha	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	.15-alpha	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	.14-alpha	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.34	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1x8664	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1	Trust: 0.3
vendor:	tor	model:	tor	scope:	ne	version:	0.2.2.38	Trust: 0.3

sources: CNVD: CNVD-2012-4470 // BID: 55128 // JVNDB: JVNDB-2012-003893 // CNNVD: CNNVD-201208-380 // NVD: CVE-2012-3517

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3517
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3517
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201208-380
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2012-3517
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2012-003893 // CNNVD: CNNVD-201208-380 // NVD: CVE-2012-3517

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2012-003893 // NVD: CVE-2012-3517

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 121258 // CNNVD: CNNVD-201208-380

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201208-380

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003893

PATCH

title:	openSUSE-SU-2012:1068	url:	http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html	Trust: 0.8
title:	Bug 849949	url:	https://bugzilla.redhat.com/show_bug.cgi?id=849949	Trust: 0.8
title:	Tor 0.2.2.38 is released	url:	https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html	Trust: 0.8
title:	tor.git / commit	url:	https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c	Trust: 0.8
title:	Ticket #6480	url:	https://trac.torproject.org/projects/tor/ticket/6480	Trust: 0.8
title:	Tor denies service patch vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/20698	Trust: 0.6

sources: CNVD: CNVD-2012-4470 // JVNDB: JVNDB-2012-003893

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3517	Trust: 3.5
db:	OPENWALL	id:	OSS-SECURITY/2012/08/21/6	Trust: 1.6
db:	BID	id:	55128	Trust: 1.5
db:	JVNDB	id:	JVNDB-2012-003893	Trust: 0.8
db:	CNVD	id:	CNVD-2012-4470	Trust: 0.6
db:	NSFOCUS	id:	20408	Trust: 0.6
db:	MLIST	id:	[OSS-SECURITY] 20120821 RE: CVE REQUEST -- TOR 0.2.2.38: THREE ISSUES	Trust: 0.6
db:	MLIST	id:	[TOR-ANNOUNCE] 20120819 TOR 0.2.2.38 IS RELEASED	Trust: 0.6
db:	CNNVD	id:	CNNVD-201208-380	Trust: 0.6
db:	PACKETSTORM	id:	121258	Trust: 0.1
db:	PACKETSTORM	id:	119351	Trust: 0.1

sources: CNVD: CNVD-2012-4470 // BID: 55128 // JVNDB: JVNDB-2012-003893 // PACKETSTORM: 121258 // PACKETSTORM: 119351 // CNNVD: CNNVD-201208-380 // NVD: CVE-2012-3517

REFERENCES

url:	https://trac.torproject.org/projects/tor/ticket/6480	Trust: 1.6
url:	https://lists.torproject.org/pipermail/tor-announce/2012-august/000086.html	Trust: 1.6
url:	https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c	Trust: 1.6
url:	https://bugzilla.redhat.com/show_bug.cgi?id=849949	Trust: 1.6
url:	http://openwall.com/lists/oss-security/2012/08/21/6	Trust: 1.6
url:	http://www.securityfocus.com/bid/55128	Trust: 1.2
url:	http://security.gentoo.org/glsa/glsa-201301-03.xml	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html	Trust: 1.0
url:	http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088006.html	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3517	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3517	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20408	Trust: 0.6
url:	http://marc.info/?l=oss-security&m=134555757608675&w=2	Trust: 0.3
url:	http://www.torproject.org/index.html.en	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3519	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4419	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3517	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3518	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-5573	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2769	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3518	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2768	Trust: 0.1
url:	https://wiki.mageia.org/en/support/advisories/mgasa-2012-0276	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/	Trust: 0.1
url:	https://wiki.mageia.org/en/support/advisories/mgaa-2012-0184	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2768	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5573	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3519	Trust: 0.1
url:	https://wiki.mageia.org/en/support/advisories/mgasa-2012-0356	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2769	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4419	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4922	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3517	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5573	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3519	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4922	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3518	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4419	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

sources: CNVD: CNVD-2012-4470 // BID: 55128 // JVNDB: JVNDB-2012-003893 // PACKETSTORM: 121258 // PACKETSTORM: 119351 // CNNVD: CNNVD-201208-380 // NVD: CVE-2012-3517

CREDITS

Arma, Asn, and Nickm

Trust: 0.9

sources: BID: 55128 // CNNVD: CNNVD-201208-380

SOURCES

db:	CNVD	id:	CNVD-2012-4470
db:	BID	id:	55128
db:	JVNDB	id:	JVNDB-2012-003893
db:	PACKETSTORM	id:	121258
db:	PACKETSTORM	id:	119351
db:	CNNVD	id:	CNNVD-201208-380
db:	NVD	id:	CVE-2012-3517

LAST UPDATE DATE

2025-04-11T22:49:24.177000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4470	date:	2012-08-28T00:00:00
db:	BID	id:	55128	date:	2015-04-13T21:39:00
db:	JVNDB	id:	JVNDB-2012-003893	date:	2012-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201208-380	date:	2012-08-28T00:00:00
db:	NVD	id:	CVE-2012-3517	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4470	date:	2012-08-28T00:00:00
db:	BID	id:	55128	date:	2012-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2012-003893	date:	2012-08-28T00:00:00
db:	PACKETSTORM	id:	121258	date:	2013-04-11T02:39:54
db:	PACKETSTORM	id:	119351	date:	2013-01-09T02:25:38
db:	CNNVD	id:	CNNVD-201208-380	date:	2012-08-23T00:00:00
db:	NVD	id:	CVE-2012-3517	date:	2012-08-26T03:17:44.043