Bug ID 1207110
Summary VUL-0: tor: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through (TROVE-2022-002)
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.4
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee bwiedemann@suse.com
Reporter Andreas.Stieger@gmx.de
QA Contact security-team@suse.de
Found By ---
Blocker ---

It was discovered that tor before 0.4.5.16 / 0.4.7.13 had inverted logic for
the SafeSocks option for SOCKS4 and SOCKS4a. This could lead tor client
users who relied on the "SafeSocks 1" option to avoid DNS leaks to have unsafe
Tor traffic. The incorrect implementation would let the unsafe SOCKS4 pass but
not the safe SOCKS4a one.

References:
https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc
https://hackerone.com/bugs?subject=torproject&report_id=1784589
https://lists.torproject.org/pipermail/tor-announce/2023-January/000261.html
https://forum.torproject.net/t/stable-release-0-4-5-16-and-0-4-7-13/6216
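
The inversion described in this report, as an added illustration that is not Tor's source code and not part of the original report: a SOCKS4 request carries a 4-byte destination IP (the application has already resolved the name itself), while SOCKS4a sets that field to 0.0.0.x and appends the hostname for the proxy to resolve. The function names, the enum and the two sample requests are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum socks4_kind { SOCKS4_BAD = -1, SOCKS4_IP = 0, SOCKS4A_HOSTNAME = 1 };

/* Constructed sample requests (CONNECT, port 80, USERID "u").
 * The string literal's trailing NUL terminates the last field. */
static const uint8_t REQ_SOCKS4[]  = "\x04\x01\x00\x50\xc0\x00\x02\x01u";   /* 192.0.2.1 */
static const uint8_t REQ_SOCKS4A[] = "\x04\x01\x00\x50\x00\x00\x00\x01u\0example.com";

/* Layout: VN=4 | CD | DSTPORT(2) | DSTIP(4) | USERID NUL [ HOSTNAME NUL ]
 * SOCKS4a is signalled by DSTIP = 0.0.0.x with x != 0. */
static enum socks4_kind socks4_classify(const uint8_t *buf, size_t len)
{
    if (len < 9 || buf[0] != 4)
        return SOCKS4_BAD;
    const uint8_t *user_end = memchr(buf + 8, 0, len - 8);
    if (!user_end)
        return SOCKS4_BAD;                      /* unterminated USERID */
    if (!(buf[4] == 0 && buf[5] == 0 && buf[6] == 0 && buf[7] != 0))
        return SOCKS4_IP;                       /* client resolved the name */
    const uint8_t *host = user_end + 1;
    size_t remaining = len - (size_t)(host - buf);
    if (remaining < 2 || host[0] == 0 || !memchr(host, 0, remaining))
        return SOCKS4_BAD;                      /* missing or truncated hostname */
    return SOCKS4A_HOSTNAME;                    /* proxy resolves the name */
}

/* Return 1 to accept the request, 0 to reject it. */
static int safesocks_inverted(enum socks4_kind k, int safe_socks)
{
    if (k == SOCKS4_BAD) return 0;
    return !(safe_socks && k == SOCKS4A_HOSTNAME);  /* wrong: blocks the safe form */
}

static int safesocks_fixed(enum socks4_kind k, int safe_socks)
{
    if (k == SOCKS4_BAD) return 0;
    return !(safe_socks && k == SOCKS4_IP);         /* blocks IP-only requests */
}

int main(void)
{
    enum socks4_kind a = socks4_classify(REQ_SOCKS4, sizeof REQ_SOCKS4);
    enum socks4_kind b = socks4_classify(REQ_SOCKS4A, sizeof REQ_SOCKS4A);
    /* Exit 0 when the corrected check rejects SOCKS4 and accepts SOCKS4a. */
    return (safesocks_fixed(a, 1) == 0 && safesocks_fixed(b, 1) == 1 &&
            safesocks_inverted(a, 1) == 1) ? 0 : 1;
}
```

With SafeSocks disabled (`safe_socks == 0`) both variants accept both request kinds, so the difference only shows up for users who enabled the option.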

