[Bug 152232] Tor is vulnerable to a rewrite vuln on the controlport
Public bug reported: Well I already filled out a bugreport about that tor is way to outdated more than 2 months ago and you didn't care. Maybe a security-vuln will change this. Source: http://secunia.com/advisories/26301 Description: A vulnerability has been reported in Tor, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the ControlPort (localhost:9051) handling commands without authentication when the first command was not a successful authenticate command. This can be exploited to e.g. modify the torrc file, when a user views a malicious web page containing a specially crafted POST request or via a malicious tor exit node. Successful exploitation may compromise a user's anonymity, but requires that the ControlPort is enabled. The vulnerability is reported in versions prior to 0.1.2.16. Addition: The control port is activated by default. An exploit also if its just for the windows version has already been released: http://milw0rm.com/exploits/4468 , so its likly also linux-exploits are out in the wild. ** Affects: feisty-backports Importance: Undecided Status: New ** Affects: tor (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Also affects: tor (Ubuntu) Importance: Undecided Status: New -- Tor is vulnerable to a rewrite vuln on the controlport https://bugs.launchpad.net/bugs/152232 You received this bug notification because you are a member of Ubuntu Backporters, which is a direct subscriber. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 129641] Re: please backport bzr 0.18 from gutsy to feisty
[Expired for Feisty Backports because there has been no activity for 60 days.] -- please backport bzr 0.18 from gutsy to feisty https://bugs.launchpad.net/bugs/129641 You received this bug notification because you are a member of Ubuntu Backporters, which is the registrant for Feisty Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 120292] Re: please backport qemu 0.9.0
[Expired for Feisty Backports because there has been no activity for 60 days.] -- please backport qemu 0.9.0 https://bugs.launchpad.net/bugs/120292 You received this bug notification because you are a member of Ubuntu Backporters, which is the registrant for Feisty Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 115687] Re: please backport sun-java6 (6-02-0ubuntu1) from gutsy (was: java6 update1 is released, please update)
[Expired for Feisty Backports because there has been no activity for 60 days.] -- please backport sun-java6 (6-02-0ubuntu1) from gutsy (was: java6 update1 is released, please update) https://bugs.launchpad.net/bugs/115687 You received this bug notification because you are a member of Ubuntu Backporters, which is the registrant for Feisty Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 80609] Re: Port apache2 2.2.3 from feisty back to dapper
[Expired for Dapper Backports because there has been no activity for 60 days.] -- Port apache2 2.2.3 from feisty back to dapper https://bugs.launchpad.net/bugs/80609 You received this bug notification because you are a member of Ubuntu Backporters, which is the bug contact for Dapper Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 72725] Re: Backport prevu
[Expired for Dapper Backports because there has been no activity for 60 days.] -- Backport prevu https://bugs.launchpad.net/bugs/72725 You received this bug notification because you are a member of Ubuntu Backporters, which is the bug contact for Dapper Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 59842] Re: backport beagle
[Expired for Dapper Backports because there has been no activity for 60 days.] -- backport beagle https://bugs.launchpad.net/bugs/59842 You received this bug notification because you are a member of Ubuntu Backporters, which is a direct subscriber. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 58599] Re: texlive-full from Feisty to Dapper
[Expired for Dapper Backports because there has been no activity for 60 days.] -- texlive-full from Feisty to Dapper https://bugs.launchpad.net/bugs/58599 You received this bug notification because you are a member of Ubuntu Backporters, which is the bug contact for Dapper Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 51247] Re: latex-hangul-ucs 1:3.0.0-1
[Expired for Dapper Backports because there has been no activity for 60 days.] -- latex-hangul-ucs 1:3.0.0-1 https://bugs.launchpad.net/bugs/51247 You received this bug notification because you are a member of Ubuntu Backporters, which is the bug contact for Dapper Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 45551] Re: kismet: UVF exception request for 2006-04-R1
[Expired for Dapper Backports because there has been no activity for 60 days.] -- kismet: UVF exception request for 2006-04-R1 https://bugs.launchpad.net/bugs/45551 You received this bug notification because you are a member of Ubuntu Backporters, which is the bug contact for Dapper Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 115687] Re: please backport sun-java6 (6-02-0ubuntu1) from gutsy (was: java6 update1 is released, please update)
Note that Java 6u3 is available now, and fixes about 4 security issues (I wish Sun would collect those all in a single list) and also makes the javadb package available again. The debs from gutsy install just fine on feisty, and I haven't noticed a single problem with running them. -james. -- please backport sun-java6 (6-02-0ubuntu1) from gutsy (was: java6 update1 is released, please update) https://bugs.launchpad.net/bugs/115687 You received this bug notification because you are a member of Ubuntu Backporters, which is the registrant for Feisty Backports. -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
