FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tor -- remote crash and potential remote code execution

Affected packages
tor < 0.2.1.28
tor-devel < 0.2.2.20-alpha

Details

VuXML ID 4bd33bc5-0cd6-11e0-bfa4-001676740879
Discovery 2010-12-17
Entry 2010-12-22

The Tor Project reports:

Remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade.

[source]

References

Bugtraq ID 45500
CVE Name CVE-2010-1676
FreeBSD PR ports/153326
Message 20101220135830.GU3300@moria.seul.org
Message 20101220141526.GS3255@moria.seul.org
URL https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog
URL https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ChangeLog

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.