tor
Page content
- Author: voroskoi
- Vulnerable: 0.1.2.14-1terminus1
- Unaffected: 0.1.2.16-1terminus1
A vulnerability has been reported in Tor, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the ControlPort (localhost:9051) handling commands without authentication when the first command was not a successful “authenticate” command. This can be exploited to e.g. modify the “torrc” file, when a user views a malicious web page containing a specially crafted POST request or via a malicious tor exit node. Successful exploitation may compromise a user’s anonymity, but requires that the ControlPort is enabled.
- Bug Tracker URL: http://bugs.frugalware.org/task/2365