Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-C1DC55DC-9556-11E6-B154-3065EC8FD3EC: Tor -- remote denial of service

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-C1DC55DC-9556-11E6-B154-3065EC8FD3EC: Tor -- remote denial of service

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
10/17/2016
Created
07/25/2018
Added
11/14/2016
Modified
09/19/2017

Description

The Tor Blog reports:

Prevent a class of security bugs caused by treating the contents

of a buffer chunk as if they were a NUL-terminated string. At least

one such bug seems to be present in all currently used versions of

Tor, and would allow an attacker to remotely crash most Tor

instances, especially those compiled with extra compiler hardening.

With this defense in place, such bugs can't crash Tor, though we

should still fix them as they occur. Closes ticket 20384

(TROVE-2016-10-001).

Solution(s)

  • freebsd-upgrade-package-tor
  • freebsd-upgrade-package-tor-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;