Tor < 0.1.2.16 ControlPort Remote Rewrite Exploit

Kyle Williams kyle.kwilliams at gmail.com
Sat Sep 29 22:11:34 UTC 2007


On 9/29/07, Paul Ferguson <fergdawg at netzero.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A Proof-of-Concept exploit is now circulating:
>
> http://www.milw0rm.com/exploits/4468
>
> Needless to say, people are encourage to run 0.1.2.17 or better. :-)
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.3 (Build 3017)
>
> wj8DBQFG/sLSq1pz9mNUZTMRAjLzAJ9keMavFeEB0nDmvL1uhNBdrmAvpgCfSUdS
> ybz+X1lVZKtkTtFVTCBUzk4=
> =Qz2y
> -----END PGP SIGNATURE-----
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg(at)netzero.net
> ferg's tech blog: http://fergdawg.blogspot.com/
>
>
Also,
http://secunia.com/advisories/26301

I like how they labeled it "Moderately critical"...that's an understatement.

Looks like the cat is really out of the bag now, time to post the full write
up I've been sitting on.
It's been 8 weeks now, so if you haven't update Tor, then you should do that
ASAP.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070929/41e26776/attachment.htm>


More information about the tor-talk mailing list