[tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Jul 18 13:26:05 UTC 2012
#6297: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
-------------------------+--------------------------------------------------
Reporter: jrmithdobbs | Owner:
Type: defect | Status: needs_information
Priority: normal | Milestone:
Component: Tor Client | Version: Tor: 0.2.3.18-rc
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
If the attacker can inject data into your socks connection, you are pretty
sure to lose no matter how socks is parsed. For example, the attacker
could insert a SOCKS connect request to a host under their control
immediately before your actual request. Or the attacker could insert an
IMG for a document hosted at a hostile URL into an HTTP response.
If you want to be secure, I think you truly need to keep hostile parties
from messing with your TCP streams between your applications and your
socks server.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6297#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list