CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0939
https://notcve.org/view.php?id=CVE-2009-0939
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. Tor anterior a v0.2.0.34 trata direcciones IPv4 incompletas como validas, lo que tiene un impacto desconocido y vectores de ataque relacionados con "Spec conformance," como se ha demostrado utilizando 192.168.0. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 •
CVSS: 5.1EPSS: 0%CPEs: 33EXPL: 1CVE-2009-0654
https://notcve.org/view.php?id=CVE-2009-0654
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." Tor v0.2.0.28, y posiblemente v0.2.0.34 y anteriores, permite a atacantes remotos, con el control de un enrutador de salida y otro de entrada, confirmar que un receptor y un remitente estan comunicandose a traves de los vectores (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, y despues observar los errores de reconocimiento de celula en el enrutador de salida. NOTA: El vendedor no esta de acuerda con la importancia de este hecho. • http://blog.torproject.org/blog/one-cell-enough http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf •
CVSS: 10.0EPSS: 1%CPEs: 160EXPL: 1CVE-2009-0414
https://notcve.org/view.php?id=CVE-2009-0414
Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption. Vulnerabilidad sin especificar en Tor anterior a v0.2.0.33 tiene un impacto y vectores de ataque desconocidos que lanzan una corrupción de montículo (heap). • http://archives.seul.org/or/announce/Jan-2009/msg00000.html http://blog.torproject.org/blog/tor-0.2.0.33-stable-released http://secunia.com/advisories/33635 http://secunia.com/advisories/33677 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33399 http://www.securitytracker.com/id?1021633 http://www.vupen.com/english/advisories/2009/0210 https://www.redhat.com/archives/fedora-package-announce/2009-Janu • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 100EXPL: 0CVE-2008-5397
https://notcve.org/view.php?id=CVE-2008-5397
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. Tor anterior a v0.2.32 no procesa adecuadamente la configuración de las opciones de (1)usuario (User) y (2) Grupo (group), lo que permitiría a usuarios locales obtener privilegios aprovechando la pertenencia a grupos creados por defecto en los procesos de Tor. • http://blog.torproject.org/blog/tor-0.2.0.32-released http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/32648 http://www.vupen.com/english/advisories/2008/3366 https://exchange.xforce.ibmcloud.com/vulnerabilities/47101 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 100EXPL: 0CVE-2008-5398
https://notcve.org/view.php?id=CVE-2008-5398
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. Tor anterior a v0.2.0.32 no procesa adecuadamente la opción de configuración ClientDNSRejectInternalAddresses en situaciones donde una cuestión en la salida de transmisión de una política que deniega el flujo, puede permitir a flujos de salida remotos tener un impacto desconocido mediante el mapeo de una dirección IP interna hacia el nombre de host destino de una flujo denegado. • http://blog.torproject.org/blog/tor-0.2.0.32-released http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/32648 http://www.vupen.com/english/advisories/2008/3366 https://exchange.xforce.ibmcloud.com/vulnerabilities/47102 • CWE-264: Permissions, Privileges, and Access Controls •