Vulnerabilities > CVE-2015-2928 - Denial of Service vulnerability in Tor

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
torproject
nessus

Summary

The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Torproject
319

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-5732.NASL
    descriptionUpdate to upstream release 0.2.5.12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-04-20
    plugin id82883
    published2015-04-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82883
    titleFedora 20 : tor-0.2.5.12-1.fc20 (2015-5732)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-5732.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82883);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-2928", "CVE-2015-2929");
      script_xref(name:"FEDORA", value:"2015-5732");
    
      script_name(english:"Fedora 20 : tor-0.2.5.12-1.fc20 (2015-5732)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to upstream release 0.2.5.12.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1209804"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154814.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?18ae58dd"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected tor package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"tor-0.2.5.12-1.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tor");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201507-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201507-02 (Tor: Denial of Service) Tor does not handle data correctly when specifically crafted data is sent, and also fails to properly verify a descriptor provided by a hidden service directory. Impact : A remote attacker could cause a Denial of Service condition in both a Tor client or a Tor server. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id84556
    published2015-07-07
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84556
    titleGLSA-201507-02 : Tor: Denial of Service
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201507-02.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84556);
      script_version("2.3");
      script_cvs_date("Date: 2020/02/03");
    
      script_cve_id("CVE-2015-2928", "CVE-2015-2929");
      script_bugtraq_id(73932, 73938);
      script_xref(name:"GLSA", value:"201507-02");
    
      script_name(english:"GLSA-201507-02 : Tor: Denial of Service");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201507-02
    (Tor: Denial of Service)
    
        Tor does not handle data correctly when specifically crafted data is
          sent, and also fails to properly verify a descriptor provided by a hidden
          service directory.
      
    Impact :
    
        A remote attacker could cause a Denial of Service condition in both a
          Tor client or a Tor server.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # https://blog.torproject.org/blog/tor-02512-and-0267-are-released
      script_set_attribute(
        attribute:"see_also",
        value:"https://blog.torproject.org/tor-02512-and-0267-are-released"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201507-02"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Tor users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-misc/tor-0.2.6.7'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:X/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-misc/tor", unaffected:make_list("ge 0.2.6.7"), vulnerable:make_list("lt 0.2.6.7"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Tor");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-5890.NASL
    descriptionUpdate to upstream release 0.2.5.12. Update to upstream release 0.2.5.11. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-04-22
    plugin id82969
    published2015-04-22
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82969
    titleFedora 22 : tor-0.2.5.12-1.fc22 (2015-5890)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-5890.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82969);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-2688", "CVE-2015-2689", "CVE-2015-2928", "CVE-2015-2929");
      script_xref(name:"FEDORA", value:"2015-5890");
    
      script_name(english:"Fedora 22 : tor-0.2.5.12-1.fc22 (2015-5890)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to upstream release 0.2.5.12. Update to upstream release
    0.2.5.11.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1204773"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1209804"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155069.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?92839966"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected tor package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"tor-0.2.5.12-1.fc22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tor");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-187.NASL
    descriptionSeveral hidden service related denial of service issues have been discovered in Tor, a connection-based low-latency anonymous communication system. o
    last seen2020-03-17
    modified2015-04-07
    plugin id82594
    published2015-04-07
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82594
    titleDebian DLA-187-1 : tor security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-187-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82594);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2015-2928", "CVE-2015-2929");
      script_bugtraq_id(73932, 73938);
    
      script_name(english:"Debian DLA-187-1 : tor security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several hidden service related denial of service issues have been
    discovered in Tor, a connection-based low-latency anonymous
    communication system.
    
    o 'disgleirio' discovered that a malicious client could trigger an
    assertion failure in a Tor instance providing a hidden service, thus
    rendering the service inaccessible. [CVE-2015-2928]
    
    o 'DonnchaC' discovered that Tor clients would crash with an assertion
    failure upon parsing specially crafted hidden service descriptors.
    [CVE-2015-2929]
    
    o Introduction points would accept multiple INTRODUCE1 cells on one
    circuit, making it inexpensive for an attacker to overload a hidden
    service with introductions. Introduction points no longer allow
    multiple such cells on the same circuit.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2015/04/msg00001.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze-lts/tor"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade the affected tor, tor-dbg, and tor-geoipdb packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:X/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tor-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tor-geoipdb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"tor", reference:"0.2.4.27-1~deb6u1")) flag++;
    if (deb_check(release:"6.0", prefix:"tor-dbg", reference:"0.2.4.27-1~deb6u1")) flag++;
    if (deb_check(release:"6.0", prefix:"tor-geoipdb", reference:"0.2.4.27-1~deb6u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-205.NASL
    descriptionUpdated tor packages fix security vulnerabilities : disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible (CVE-2015-2928). DonnchaC discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors (CVE-2015-2929). Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points now no longer allow multiple cells of that type on the same circuit. The tor package has been updated to version 0.2.4.27, fixing these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83097
    published2015-04-28
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83097
    titleMandriva Linux Security Advisory : tor (MDVSA-2015:205)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:205. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83097);
      script_version("2.3");
      script_cvs_date("Date: 2019/08/02 13:32:57");
    
      script_cve_id("CVE-2015-2928", "CVE-2015-2929");
      script_bugtraq_id(73932, 73938);
      script_xref(name:"MDVSA", value:"2015:205");
    
      script_name(english:"Mandriva Linux Security Advisory : tor (MDVSA-2015:205)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated tor packages fix security vulnerabilities :
    
    disgleirio discovered that a malicious client could trigger an
    assertion failure in a Tor instance providing a hidden service, thus
    rendering the service inaccessible (CVE-2015-2928).
    
    DonnchaC discovered that Tor clients would crash with an assertion
    failure upon parsing specially crafted hidden service descriptors
    (CVE-2015-2929).
    
    Introduction points would accept multiple INTRODUCE1 cells on one
    circuit, making it inexpensive for an attacker to overload a hidden
    service with introductions. Introduction points now no longer allow
    multiple cells of that type on the same circuit.
    
    The tor package has been updated to version 0.2.4.27, fixing these
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2015-0151.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected tor package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tor-0.2.4.27-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-5729.NASL
    descriptionUpdate to upstream release 0.2.5.12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-04-20
    plugin id82882
    published2015-04-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82882
    titleFedora 21 : tor-0.2.5.12-1.fc21 (2015-5729)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-5729.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82882);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-2928", "CVE-2015-2929");
      script_xref(name:"FEDORA", value:"2015-5729");
    
      script_name(english:"Fedora 21 : tor-0.2.5.12-1.fc21 (2015-5729)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to upstream release 0.2.5.12.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1209804"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154765.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?335f5164"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected tor package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC21", reference:"tor-0.2.5.12-1.fc21")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tor");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-300.NASL
    descriptionTor was updated to 0.2.4.27 to fix two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible. The following security issues were fixed : - A malicious client could trigger an assertion failure and halt a hidden service. (CVE-2015-2928) - A client could crash with an assertion failure when parsing a malformed hidden service descriptor. (CVE-2015-2929) This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks : - Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions.
    last seen2020-06-05
    modified2015-04-14
    plugin id82754
    published2015-04-14
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82754
    titleopenSUSE Security Update : tor (openSUSE-2015-300)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-300.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82754);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-2928", "CVE-2015-2929");
    
      script_name(english:"openSUSE Security Update : tor (openSUSE-2015-300)");
      script_summary(english:"Check for the openSUSE-2015-300 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Tor was updated to 0.2.4.27 to fix two security issues that could be
    used by an attacker to crash hidden services, or crash clients
    visiting hidden services. Hidden services should upgrade as soon as
    possible. 
    
    The following security issues were fixed :
    
      - A malicious client could trigger an assertion failure
        and halt a hidden service. (CVE-2015-2928)
    
      - A client could crash with an assertion failure when
        parsing a malformed hidden service descriptor.
        (CVE-2015-2929)
    
    This release also backports a simple improvement to make hidden
    services a bit less vulnerable to denial-of-service attacks :
    
      - Introduction points no longer allow multiple INTRODUCE1
        cells to arrive on the same circuit. This should make it
        more expensive for attackers to overwhelm hidden
        services with introductions."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=926097"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected tor packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"tor-0.2.4.27-5.30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"tor-debuginfo-0.2.4.27-5.30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"tor-debugsource-0.2.4.27-5.30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"tor-0.2.4.27-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"tor-debuginfo-0.2.4.27-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"tor-debugsource-0.2.4.27-13.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tor / tor-debuginfo / tor-debugsource");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3216.NASL
    descriptionSeveral vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system : - CVE-2015-2928
    last seen2020-03-17
    modified2015-04-08
    plugin id82624
    published2015-04-08
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82624
    titleDebian DSA-3216-1 : tor - security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3216. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82624);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2015-2928", "CVE-2015-2929");
      script_xref(name:"DSA", value:"3216");
    
      script_name(english:"Debian DSA-3216-1 : tor - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Tor, a
    connection-based low-latency anonymous communication system :
    
      - CVE-2015-2928
        'disgleirio' discovered that a malicious client could
        trigger an assertion failure in a Tor instance providing
        a hidden service, thus rendering the service
        inaccessible.
    
      - CVE-2015-2929
        'DonnchaC' discovered that Tor clients would crash with
        an assertion failure upon parsing specially crafted
        hidden service descriptors.
    
    Introduction points would accept multiple INTRODUCE1 cells on one
    circuit, making it inexpensive for an attacker to overload a hidden
    service with introductions. Introduction points now no longer allow
    multiple cells of that type on the same circuit."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-2928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-2929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/tor"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2015/dsa-3216"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the tor packages.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 0.2.4.27-1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"tor", reference:"0.2.4.27-1")) flag++;
    if (deb_check(release:"7.0", prefix:"tor-dbg", reference:"0.2.4.27-1")) flag++;
    if (deb_check(release:"7.0", prefix:"tor-geoipdb", reference:"0.2.4.27-1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");