CVE-2009-0938
https://notcve.org/view.php?id=CVE-2009-0938
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorios que provocan una denegación de servicio (caída de nodo de salida) a través "entrada malformada". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 https://exchange.xforce.ibmcloud.com/vulnerabilities/49323 •
CVE-2009-0939
https://notcve.org/view.php?id=CVE-2009-0939
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. Tor anterior a v0.2.0.34 trata direcciones IPv4 incompletas como validas, lo que tiene un impacto desconocido y vectores de ataque relacionados con "Spec conformance," como se ha demostrado utilizando 192.168.0. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 •
CVE-2009-0937
https://notcve.org/view.php?id=CVE-2009-0937
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorio que provocan una denegación de servicio a través de vectores desconocidos. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 •
CVE-2009-0936
https://notcve.org/view.php?id=CVE-2009-0936
Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite a atacantes provocar una denegación de servicio (bucle infinito) a través de "votos corruptos". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 •
CVE-2009-0654
https://notcve.org/view.php?id=CVE-2009-0654
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." Tor v0.2.0.28, y posiblemente v0.2.0.34 y anteriores, permite a atacantes remotos, con el control de un enrutador de salida y otro de entrada, confirmar que un receptor y un remitente estan comunicandose a traves de los vectores (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, y despues observar los errores de reconocimiento de celula en el enrutador de salida. NOTA: El vendedor no esta de acuerda con la importancia de este hecho. • http://blog.torproject.org/blog/one-cell-enough http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf •