New Tor version improves security and anonymity
The developers of the Tor anonymity service have eliminated multiple security vulnerabilities in their new version 0.1.2.15. Using the now fixed vulnerabilities listed in the release notes, attackers can potentially exploit previous versions of the software to take control of Tor computers remotely, manipulate transferred data and monitor user behaviour. One of the bug fixes provides for overall improved anonymity in the Tor network.
The most critical vulnerability affects BSD users who use Tor in combination with the NAT daemon natd. According to the developers, a buffer overflow can occur due to a programming error in Tor's natd handling code, which can potentially be exploited to inject malicious code. The current version of Tor, when operated as a proxy, also does not signal the reason for ending a circuit among the participating nodes any more. Now the behaviour is in accordance with the protocol specifications, as involved Tor routers could use the information to track user behaviour.
Another vulnerability, this time in the processing of stream IDs, has been eliminated, which may potentially enable Tor routers to manipulate data in forwarded connections. The fourth bug fix makes sure that a Tor proxy's local list of mandatory entry nodes, which is also known as "guard list", is not unnecessarily extended to include further nodes. The smaller the guard list, the lower the overall probability of finding a compromised system in both a circuit's entry and exit node – the most prominent attack scenario against anonymity in the Tor network.
In addition to the security-relevant problems, various general programming bugs have been eliminated, which at worst can cause the program to crash. The developers advise all Tor users to update to the new version.