Opened 6 months ago

Closed 6 months ago

#22740 closed defect (not a bug)

vulnerability allows you to access not-specified port from tor client

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Minor Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

null-byte.wonderhowto.com/how-to/hack-tor-hidden-services-0166673/

If I have "Hiddenservice 80 127.0.0.1:80" only, I expect
no one access to not-80 ports. Isn't this a vulnerability?

Child Tickets

Change History (3)

comment:1 Changed 6 months ago by arma

Priority: ImmediateMedium
Severity: CriticalMinor

No, I'm sorry, I think you are misunderstanding the article.

In that article, I don't see any situations where the Tor client is able to induce the Tor process at the hidden service end to make a connection to any address other than 127.0.0.1:80.

(The article mentions making connections to 127.0.0.1:8000, but that is on the *client* side. Those are two different 127.0.0.1's they're talking about.)

comment:2 Changed 6 months ago by arma

The summary of the article, for those following along at home, is: "If you run a crappy webserver and make it reachable via a hidden service, people can talk to it, including sending it http level attacks."

comment:3 Changed 6 months ago by nickm

Resolution: not a bug
Status: newclosed

Closing, given arma's summary. Please reopen if there is actually a tor bug here.

Note: See TracTickets for help on using tickets.