Tor was updated to 0.2.4.27 to fix two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible.
The following security issues were fixed :
A malicious client could trigger an assertion failure and halt a hidden service. (CVE-2015-2928)
A client could crash with an assertion failure when parsing a malformed hidden service descriptor.
(CVE-2015-2929)
This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-300.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(82754);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2015-2928", "CVE-2015-2929");
script_name(english:"openSUSE Security Update : tor (openSUSE-2015-300)");
script_summary(english:"Check for the openSUSE-2015-300 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Tor was updated to 0.2.4.27 to fix two security issues that could be
used by an attacker to crash hidden services, or crash clients
visiting hidden services. Hidden services should upgrade as soon as
possible.
The following security issues were fixed :
- A malicious client could trigger an assertion failure
and halt a hidden service. (CVE-2015-2928)
- A client could crash with an assertion failure when
parsing a malformed hidden service descriptor.
(CVE-2015-2929)
This release also backports a simple improvement to make hidden
services a bit less vulnerable to denial-of-service attacks :
- Introduction points no longer allow multiple INTRODUCE1
cells to arrive on the same circuit. This should make it
more expensive for attackers to overwhelm hidden
services with introductions."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=926097"
);
script_set_attribute(attribute:"solution", value:"Update the affected tor packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/24");
script_set_attribute(attribute:"patch_publication_date", value:"2015/04/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"tor-0.2.4.27-5.30.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"tor-debuginfo-0.2.4.27-5.30.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"tor-debugsource-0.2.4.27-5.30.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"tor-0.2.4.27-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"tor-debuginfo-0.2.4.27-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"tor-debugsource-0.2.4.27-13.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tor / tor-debuginfo / tor-debugsource");
}