Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20161019213549.6A26D52E018@smtpvbsrv1.mitre.org>
Date: Wed, 19 Oct 2016 17:35:49 -0400 (EDT)
From: cve-assign@...re.org
To: jmm@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for tor

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blog.torproject.org/blog/tor-0289-released-important-fixes
> https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
> https://trac.torproject.org/projects/tor/ticket/20384

> Tor 0.2.8.9 backports a fix for a security hole in previous versions
> of Tor that would allow a remote attacker to crash a Tor client,
> hidden service, relay, or authority.

> Prevent a class of security bugs caused by treating the contents of a
> buffer chunk as if they were a NUL-terminated string. At least one
> such bug seems to be present in all currently used versions of Tor,
> and would allow an attacker to remotely crash most Tor instances,
> especially those compiled with extra compiler hardening. With this
> defense in place, such bugs can't crash Tor, though we should still
> fix them as they occur. Closes ticket 20384

> Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
> 
> This helps protect against bugs where any part of a buf_t's memory
> is passed to a function that expects a NUL-terminated input.

Here, we will assign the ID to the broadest possible interpretation of
the issue, which perhaps can be restated as "Tor internal functions
were entitled to expect that buf_t data had NUL termination, but the
implementation of or/buffers.c did not ensure that NUL termination was
present."

Use CVE-2016-8860.

With this CVE, any related "we should still fix them as they occur"
patches can most likely be treated as defense-in-depth changes, and
won't require separate CVE IDs.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYB+XHAAoJEHb/MwWLVhi2sBMP+wRQ7PiGfYaTU0Cym1dNAYpJ
cXF5FHCE+wIRIzBh4DxPPPm/335kM4iLd/4mTL0Tt6OXRbqxHBcaGQlcEhchW4YH
YCoTVuKDZDXo9OD1AaJtWVcV0b8AYk+H0uGCMarvnSiuO5b+149DQiFaSxE9ORVx
z2c+2GzAXm+rI1kEfRVh/Ak1sVyW6fLh1zazMObvdrvEJutSJw9iVI8/hO6mgQ3I
EMaqg4WjVdWuEcAfEDmqRT//AF41QsYUYQ916BluCNoMATqGT38IsU5a5ESScTi3
P5cnEG0fn2KbXYbP449vLhyEOPzS/O/yZDcpiGmgn+Sr8znggwPoetVQ3C84jjVb
FeyhMRwzEd+ugiSxSeGTja9sDGRugtkcR0XAsMEOn/0qnCTRPK2iTxq3EGt+F7lC
4swukuQ6rJDY3qmn+7y8eUthu9Y87qwzsEd8l1WomtGLnyErEiolrJO7JngXYQuc
IEZpoqvmonZd8WPOr4doMH9TT6ybpW7thA+DY1gt0EgsiYaITe9u6c7kcjkhR/5C
9nda+YakEjAM6r/W0S3Xvo1iJ+k1ar5ZX37o5H/UqMFVtJqs5G8/d6Nejqn9ZiHJ
m1hdRYbe2Pr0n2gZg1POhYs8JogcqXw6eTYJIAtKy1ssHKU0WnP5YRDiQ1wKWk3g
RTr0TaPl+xvXHMUq+mxr
=yC51
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.