CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
78.9%
Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] Slows down the risk from guard rotation and backports several important fixes from the Tor 0.2.5 alpha release series.
Major features :
Clients now look at the ‘usecreatefast’ consensus parameter to decide whether to use CREATE_FAST or CREATE cells for the first hop of their circuit. This approach can improve security on connections where Tor’s circuit handshake is stronger than the available TLS connection security levels, but the tradeoff is more computational load on guard relays.
Make the number of entry guards configurable via a new NumEntryGuards consensus parameter, and the number of directory guards configurable via a new NumDirectoryGuards consensus parameter.
Major bugfixes :
Fix a bug in the bounds-checking in the 32-bit curve25519-donna implementation that caused incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys.
Minor bugfixes :
Warn and drop the circuit if we receive an inbound ‘relay early’ cell.
Correct a confusing error message when trying to extend a circuit via the control protocol but we don’t know a descriptor or microdescriptor for one of the specified relays.
Avoid an illegal read from stack when initializing the TLS module using a version of OpenSSL without all of the ciphers used by the v2 link handshake.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-492.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(77136);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-5117");
script_name(english:"openSUSE Security Update : tor (openSUSE-SU-2014:0975-1)");
script_summary(english:"Check for the openSUSE-2014-492 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] Slows down the
risk from guard rotation and backports several important
fixes from the Tor 0.2.5 alpha release series.
- Major features :
- Clients now look at the 'usecreatefast' consensus
parameter to decide whether to use CREATE_FAST or CREATE
cells for the first hop of their circuit. This approach
can improve security on connections where Tor's circuit
handshake is stronger than the available TLS connection
security levels, but the tradeoff is more computational
load on guard relays.
- Make the number of entry guards configurable via a new
NumEntryGuards consensus parameter, and the number of
directory guards configurable via a new
NumDirectoryGuards consensus parameter.
- Major bugfixes :
- Fix a bug in the bounds-checking in the 32-bit
curve25519-donna implementation that caused incorrect
results on 32-bit implementations when certain malformed
inputs were used along with a small class of private
ntor keys.
- Minor bugfixes :
- Warn and drop the circuit if we receive an inbound
'relay early' cell.
- Correct a confusing error message when trying to extend
a circuit via the control protocol but we don't know a
descriptor or microdescriptor for one of the specified
relays.
- Avoid an illegal read from stack when initializing the
TLS module using a version of OpenSSL without all of the
ciphers used by the v2 link handshake."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=889688"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-08/msg00006.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected tor packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.3", reference:"tor-0.2.4.23-2.12.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"tor-debuginfo-0.2.4.23-2.12.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"tor-debugsource-0.2.4.23-2.12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"tor-0.2.4.23-5.12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"tor-debuginfo-0.2.4.23-5.12.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"tor-debugsource-0.2.4.23-5.12.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tor / tor-debuginfo / tor-debugsource");
}