FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1676

This CVE name corresponds to:

Entered Topic
2010-12-22 tor -- remote crash and potential remote code execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-1676
Phase Assigned (20100430)

Description

Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.

References

Source Reference
MLIST [or-announce] 20101220 Tor 0.2.1.28 is released (security patches)
CONFIRM http://blog.torproject.org/blog/tor-02128-released-security-patches
CONFIRM http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches
CONFIRM https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog
DEBIAN DSA-2136
FEDORA FEDORA-2010-19147
FEDORA FEDORA-2010-19159
GENTOO GLSA-201101-02
BID 45500
SECTRACK 1024910
SECUNIA 42536
SECUNIA 42667
SECUNIA 42783
SECUNIA 42916
VUPEN ADV-2010-3290
VUPEN ADV-2011-0114