[tor-bugs] #22740 [Core Tor/Tor]: vulnerability allows you to access not-specified port from tor client
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 28 02:09:08 UTC 2017
#22740: vulnerability allows you to access not-specified port from tor client
--------------------------+---------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Minor | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+---------------------
Changes (by arma):
* priority: Immediate => Medium
* severity: Critical => Minor
Comment:
No, I'm sorry, I think you are misunderstanding the article.
In that article, I don't see any situations where the Tor client is able
to induce the Tor process at the hidden service end to make a connection
to any address other than 127.0.0.1:80.
(The article mentions making connections to 127.0.0.1:8000, but that is on
the *client* side. Those are two different 127.0.0.1's they're talking
about.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22740#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list