Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-3519

routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack.

Related bugs and status

CVE-2012-3519 (Candidate) is related to these bugs:

Bug #1039560: <tor-0.2.2.38 : Multiple vulnerabilites

		In	Importance	Status
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu)	Undecided	Fix Released
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	Gentoo Linux	Low	Fix Released
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu Precise)	Undecided	Won't Fix
1039560	<tor-0.2.2.38 : Multiple vulnerabilites	tor (Ubuntu Quantal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2012082...
MLIST: [tor-announce] 2012081...
CONFIRM: https://gitweb.torproj...
CONFIRM: https://gitweb.torproj...
CONFIRM: https://trac.torprojec...
SUSE: openSUSE-SU-2012:1068
SECUNIA: 50583
GENTOO: GLSA-201301-03