[tor-bugs] #6710 [Tor Relay]: Tor Relays accept arbitrary destination address and port and leak information about reachability
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Aug 27 15:20:50 UTC 2012
#6710: Tor Relays accept arbitrary destination address and port and leak
information about reachability
-----------------------+----------------------------------------------------
Reporter: thejh | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Changes (by nickm):
* priority: normal => major
* status: new => needs_review
* milestone: Tor: unspecified => Tor: 0.2.3.x-final
Comment:
The best/easiest fix for the worst part of this is probably just to reject
EXTEND cells to private addresses. The rest of this (where you probe a
router's TCP state or firewall cfg by asking it to extend different
places) is probably no so easy, or *as* critical.
I've got a patch in branch bug6710_023 in my public repository that should
go into 0.2.3.x after review. We should consider a backport to 0.2.2.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6710#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list