TOR, an implementation of second generation Onion Routing, vulnerable to multiple vulnerabilities . The critical one of which may allows a remote attacker to execute arbitrary code.
A remote attacker could possibly execute arbitrary code or cause a Denial of Service by exploiting the vulnerability. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.
According to the Gentoo Linux Advisory, the following vulnerabilities have been found in TOR:
- When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
- When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
- An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).
