[tor-bugs] #2151 [Torbutton]: Security Hole: FTP and Gopher
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Nov 1 21:03:03 UTC 2010
#2151: Security Hole: FTP and Gopher
-----------------------------+----------------------------------------------
Reporter: johndoe32102002 | Owner: mikeperry
Type: defect | Status: new
Priority: critical | Milestone:
Component: Torbutton | Version: Torbutton: 1.2.5
Keywords: | Parent:
-----------------------------+----------------------------------------------
In TorButton's Preferences, the programmer left out FTP and Gopher
settings. This is a security hole because a malicious webserver/user can
post a gopher or ftp link on a website or onion site visited through TOR
and expose the user's external IP address.
Patch: A patch must be released that updates FTP and Gopher with a null
proxy, such as 127.0.0.1:1 (and have the TorButton ensure no service is
running on the null port).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2151>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list