Giuseppe Iuculano
2009-Jul-15 13:59 UTC
[Secure-testing-team] Bug#537148: CVE-2009-2425, CVE-2009-2426
Package: tor
Version: 0.2.0.34-1
Severity: important
Tags: security lenny

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for tor.

CVE-2009-2425[0]:
| Tor before 0.2.0.35 allows remote attackers to cause a denial of
| service (application crash) via a malformed router descriptor.

CVE-2009-2426[1]:
| The connection_edge_process_relay_cell_not_open function in
| src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before
| 0.1.2.8-beta allows exit relays to have an unspecified impact by
| causing controllers to accept DNS responses that redirect to an
| internal IP address via unknown vectors. NOTE: some of these details
| are obtained from third party information.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2425
    http://security-tracker.debian.net/tracker/CVE-2009-2425
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2426
    http://security-tracker.debian.net/tracker/CVE-2009-2426

Cheers,
Giuseppe