Bug 20607 - Tor DNS Spoofing and Denial of Service Vulnerabilities: CVE-2009-2425, CVE-2009-2426
Summary: Tor DNS Spoofing and Denial of Service Vulnerabilities: CVE-2009-2425, CVE-20...
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: tor (show other bugs)
Version: unstable
Hardware: all Linux
: P3 normal
Assignee: Anton Farygin
QA Contact: qa-sisyphus
URL: http://archives.seul.org/or/announce/...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-06-26 21:28 MSD by Vladimir Lettiev
Modified: 2009-07-13 11:48 MSD (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-06-26 21:28:58 MSD 
Changes in version 0.2.0.35 - 2009-06-24
  o Security fix:
    - Avoid crashing in the presence of certain malformed descriptors.
      Found by lark, and by automated fuzzing.
    - Fix an edge case where a malicious exit relay could convince a
      controller that the client's DNS question resolves to an internal IP
      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
...
Comment 1 Sviatoslav Sviridov 2009-06-30 16:01:43 MSD 
Version in Sisyphus is updated to 0.2.0.35-alt2