French Security Incident Response Team


Fedora Security Update Fixes Tor Security Bypass and Information Disclosure


Title : Fedora Security Update Fixes Tor Security Bypass and Information Disclosure
Advisory ID : FrSIRT/ADV-2007-2924
CVE ID : CVE-2007-3165 - CVE-2007-4174
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-21

Advisory Details

 
Technical Description

Two vulnerabilities have been identified in Fedora, which could be exploited by attackers to bypass security restrictions or gain knowledge of sensitive information [...]

Solution

Upgrade the affected packages :

c61620488084c256607d867bf65204b8478ee18e tor-0.1.2.16-1.fc7.ppc64.rpm
e82e0b50b9de31dcf31294c5dee2e1b2ea41e13c tor-lsb-0.1.2.16-1.fc7.ppc64.rpm
10c80977e6a250e199afbe7af7ab70752024928d tor-debuginfo-0.1.2.16-1.fc7.ppc64.rpm
3c527055884d1c43e34639ebf9e030774ab47b9b tor-core-0.1.2.16-1.fc7.ppc64.rpm
509e7fe43097321a878397e1a91ca4d9b12e0025 tor-core-0.1.2.16-1.fc7.i386.rpm
8b6332f771b918b3b1237694179c97fc508e0450 tor-debuginfo-0.1.2.16-1.fc7.i386.rpm
fb08a473948e08e754b490a272b05cec5ac9d807 tor-0.1.2.16-1.fc7.i386.rpm
e87b14a5592e1c65ea38d9142deb2a057b380c0e tor-lsb-0.1.2.16-1.fc7.i386.rpm
354d2688a01a2ceb579fc4c68b8e478dec23e60a tor-0.1.2.16-1.fc7.x86_64.rpm
2cd83eeb84b5134f01699ce922d3797b23cd9ff5 tor-debuginfo-0.1.2.16-1.fc7.x86_64.rpm
921f12441c335038c2ee7020c6d5075c4773b154 tor-lsb-0.1.2.16-1.fc7.x86_64.rpm
7551b32a2ad1b2c9961a840c5ddc7dbe62b122d1 tor-core-0.1.2.16-1.fc7.x86_64.rpm
fa57915f5cf4a51cd6960e4bf6c88b74b4d55a3a tor-debuginfo-0.1.2.16-1.fc7.ppc.rpm
54b766272ac864a11ef3962add0fccbed36c7f65 tor-core-0.1.2.16-1.fc7.ppc.rpm
f37252b781f32c03ef8a96e109dd11af06c6fa70 tor-0.1.2.16-1.fc7.ppc.rpm
60ea4facebed88d420a57cc3a15a9ddf721d1c90 tor-lsb-0.1.2.16-1.fc7.ppc.rpm
d04c30fe34714710eb53ff04d0be45d9827c4be0 tor-0.1.2.16-1.fc7.src.rpm

ChangeLog

2007-08-21 : Initial release


Copyright 2003-2008 © FrSIRT.COM - Privacy Policy