CVE-2011-2778

Sažetak

Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.

Reference

http://www.debian.org/security/2011/dsa-2363
https://blog.torproject.org/blog/tor-02235-released-security-patches

CVSS

Base:	7.6
Impact:	10.0
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:H/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-01-2012 - 03:58

Objavljeno

23-12-2011 - 03:59