Test ID:	1.3.6.1.4.1.25623.1.0.802300
Category:	Denial of Service
Title:	Tor Directory Authority 'policy_summarize' Denial of Service Vulnerability - Windows
Summary:	Tor is prone to a buffer overflow vulnerability.
Description:	Summary: Tor is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is caused by a boundary error within the policy_summarize function in Tor, which can be exploited to crash a Tor directory authority. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions. Affected Software/OS: Tor version prior to 0.2.1.30 on Windows. Solution: Upgrade to Tor version 0.2.1.30 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1924 43548 http://secunia.com/advisories/43548 44862 http://secunia.com/advisories/44862 46618 http://www.securityfocus.com/bid/46618 FEDORA-2011-7972 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061258.html [tor-announce] 20110228 Tor 0.2.1.30 is released https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html https://bugzilla.redhat.com/show_bug.cgi?id=705192 https://bugzilla.redhat.com/show_bug.cgi?id=705194 https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.