[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Tor and Torsocks updates

To: [email protected]
Subject: Tor and Torsocks updates
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 20 Oct 2016 14:26:16 +0300
In-reply-to: <CAD2Ti28=tX7dpgKzA2=Q-zZ2rgD+Yw2NN7r2S55uxhD7dt_3-Q@mail.gmail.com>
References: <CAD2Ti28=tX7dpgKzA2=Q-zZ2rgD+Yw2NN7r2S55uxhD7dt_3-Q@mail.gmail.com>

On Thu, Oct 20, 2016 at 12:27:32AM -0400, grarpamp wrote:
> For people using tor...
> 
> https://blog.torproject.org/blog/tor-0289-released-important-fixes
> https://lists.torproject.org/pipermail/tor-dev/2016-October/011579.html

    * Fix memcpy buffer overrun in gethostbyaddr()
    * Fix memcpy() buffer overrun in gethostbyname()

Modifications of these were exploitable at least 20 years ago ;)

Probably tor will have hard time showing they are not exploitable,
especially when they lack exploit imagination.

Did I troll that tor allows remote code execution? (Certainly).

Follow-Ups:
- Tor and Torsocks updates
  - From: jnn at synfin.org (John Newman)

References:
- Tor and Torsocks updates
  - From: grarpamp at gmail.com (grarpamp)

Prev by Date: Tor and Torsocks updates
Next by Date: Tor and Torsocks updates
Previous by thread: Tor and Torsocks updates
Next by thread: Tor and Torsocks updates
Index(es):
- Date
- Thread