Debian Security Advisory DSA 2331-1 (tor)

The Debian Security Advisory DSA 2331-1 (tor) addresses a design flaw in Tor, allowing malicious relay servers to learn sensitive information, potentially leading to user deanonymization

Reporter	Title	Published	Views	Family All 43
CVE	CVE-2011-2768	23 Dec 201102:00	–	cve
CVE	CVE-2011-2769	23 Dec 201102:00	–	cve
Cvelist	CVE-2011-2768	23 Dec 201102:00	–	cvelist
Cvelist	CVE-2011-2769	23 Dec 201102:00	–	cvelist
Debian	[SECURITY] [DSA 2331-1] tor security update	28 Oct 201116:17	–	debian
Debian CVE	CVE-2011-2768	23 Dec 201102:00	–	debiancve
Debian CVE	CVE-2011-2769	23 Dec 201102:00	–	debiancve
Tenable Nessus	Debian DSA-2331-1 : tor - several vulnerabilities	31 Oct 201100:00	–	nessus
Tenable Nessus	Fedora 15 : tor-0.2.1.31-1500.fc15 (2011-15117)	7 Nov 201100:00	–	nessus
Tenable Nessus	Fedora 16 : tor-0.2.2.34-1600.fc16 (2011-15208)	14 Nov 201100:00	–	nessus

# OpenVAS Vulnerability Test
# $Id: deb_2331_1.nasl 6612 2017-07-07 12:08:03Z cfischer $
# Description: Auto-generated from advisory DSA 2331-1 (tor)
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "It has been discovered by frosty_un that a design flaw in Tor, an online
privacy tool, allows malicious relay servers to learn certain information
that they should not be able to learn. Specifically, a relay that a user
connects to directly could learn which other relays that user is
connected to directly. In combination with other attacks, this issue
can lead to deanonymizing the user.  The Common Vulnerabilities and
Exposures project has assigned CVE-2011-2768 to this issue.

In addition to fixing the above mentioned issues, the updates to oldstable
and stable fix a number of less critical issues (CVE-2011-2769). Please
see this posting from the Tor blog for more information:
https://blog.torproject.org/blog/tor-02234-released-security-patches

For the oldstable distribution (lenny), this problem has been fixed in
version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian
archive scripts, the update cannot be released synchronously with the
packages for stable. It will be released shortly.

For the stable distribution (squeeze), this problem has been fixed in
version 0.2.1.31-1.

For the unstable and testing distributions, this problem has been fixed in
version 0.2.2.34-1.

For the experimental distribution, this problem have has fixed in version
0.2.3.6-alpha-1.

We recommend that you upgrade your tor packages.";
tag_summary = "The remote host is missing an update to tor
announced via advisory DSA 2331-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202331-1";

if(description)
{
 script_id(70547);
 script_tag(name:"cvss_base", value:"5.8");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
 script_cve_id("CVE-2011-2768", "CVE-2011-2769");
 script_version("$Revision: 6612 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2012-02-11 02:27:18 -0500 (Sat, 11 Feb 2012)");
 script_name("Debian Security Advisory DSA 2331-1 (tor)");


 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"tor", ver:"0.2.1.31-1", rls:"DEB5.0")) != NULL) {
    report += res;
}
if((res = isdpkgvuln(pkg:"tor-dbg", ver:"0.2.1.31-1", rls:"DEB5.0")) != NULL) {
    report += res;
}
if((res = isdpkgvuln(pkg:"tor-geoipdb", ver:"0.2.1.31-1", rls:"DEB5.0")) != NULL) {
    report += res;
}
if((res = isdpkgvuln(pkg:"tor", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
    report += res;
}
if((res = isdpkgvuln(pkg:"tor-dbg", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
    report += res;
}
if((res = isdpkgvuln(pkg:"tor-geoipdb", ver:"0.2.2.35-1~squeeze+1", rls:"DEB6.0")) != NULL) {
    report += res;
}

if(report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

07 Jul 2017 00:00Current

7.5High risk

Vulners AI Score7.5

EPSS0.01203