A flaw in Tor leads to the disclosure of information and the loss of anonymity, integrity and confidentiality.
Package | net-misc/tor on all architectures |
---|---|
Affected versions | < 0.1.0.14 |
Unaffected versions | >= 0.1.0.14 |
Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.
The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes.
By setting up a malicious Tor server and enticing users to use this server as first hop, a remote attacker could read and modify all traffic of the user.
There is no known workaround at this time.
All Tor users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tor-0.1.0.14"
Release date
August 25, 2005
Latest revision
August 25, 2005: 01
Severity
low
Exploitable
remote
Bugzilla entries