CVE-2010-0385
https://notcve.org/view.php?id=CVE-2010-0385
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query. Tor anterior a v0.2.1.22, y 0.2.2.x anteriores a v0.2.2.7-alpha, cuando funciona como autoridad de directorio puente, permite a atacantes remotos obtener información sensible acerca de las identidades y descriptores puente a través de una consulta al directorio dbg-stability.txt. • http://archives.seul.org/or/announce/Jan-2010/msg00000.html http://archives.seul.org/or/talk/Jan-2010/msg00162.html http://secunia.com/advisories/38198 http://www.osvdb.org/61865 http://www.securityfocus.com/bid/37901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-2425
https://notcve.org/view.php?id=CVE-2009-2425
Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor. Tor anterior a v0.2.0.35 permite a atacantes remotos provocar una denegación de servicio (cuelgue de aplicación) a través de un descriptor de enrutador (router) malformado. • http://archives.seul.org/or/announce/Jun-2009/msg00000.html http://secunia.com/advisories/35546 http://www.osvdb.org/55340 http://www.securityfocus.com/bid/35505 http://www.vupen.com/english/advisories/2009/1716 https://exchange.xforce.ibmcloud.com/vulnerabilities/51376 • CWE-20: Improper Input Validation •
CVE-2009-2426
https://notcve.org/view.php?id=CVE-2009-2426
The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information. La función connection_edge_process_relay_cell_not_open en src/or/relay.c en Tor v0.2.x anterior a v0.2.0.35 y v0.1.x anterior a v0.1.2.8-beta permite a los retransmisores (relays) de salida tener un impacto no especificado al provocar que los controladores acepten respuestas DNS que redirigen a direcciones IP internas a traves de vectores desconocidos. NOTA: algunos de estos detalles se obtienen a partir de información de terceros. • http://archives.seul.org/or/announce/Jun-2009/msg00000.html http://secunia.com/advisories/35546 http://www.osvdb.org/55341 http://www.securityfocus.com/bid/35505 http://www.vupen.com/english/advisories/2009/1716 https://exchange.xforce.ibmcloud.com/vulnerabilities/51377 •
CVE-2009-0938
https://notcve.org/view.php?id=CVE-2009-0938
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorios que provocan una denegación de servicio (caída de nodo de salida) a través "entrada malformada". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 https://exchange.xforce.ibmcloud.com/vulnerabilities/49323 •
CVE-2009-0939
https://notcve.org/view.php?id=CVE-2009-0939
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. Tor anterior a v0.2.0.34 trata direcciones IPv4 incompletas como validas, lo que tiene un impacto desconocido y vectores de ataque relacionados con "Spec conformance," como se ha demostrado utilizando 192.168.0. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 •