Summary
This host has Tor installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Impact level: Application
Solution
Upgrade to Tor version 0.2.1.30 or later:
http://www.torproject.org/download/download.html.en
Insight
The flaw is caused by a boundary error within the policy_summarize function in Tor, which can be exploited to crash a Tor directory authority.
Affected
Tor versions prior to 0.2.1.30 on Windows.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-1924
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P