Page 14 of 95 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 0

Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite a atacantes provocar una denegación de servicio (bucle infinito) a través de "votos corruptos". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 •

CVSS: 5.1EPSS: 0%CPEs: 33EXPL: 1

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." Tor v0.2.0.28, y posiblemente v0.2.0.34 y anteriores, permite a atacantes remotos, con el control de un enrutador de salida y otro de entrada, confirmar que un receptor y un remitente estan comunicandose a traves de los vectores (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, y despues observar los errores de reconocimiento de celula en el enrutador de salida. NOTA: El vendedor no esta de acuerda con la importancia de este hecho. • http://blog.torproject.org/blog/one-cell-enough http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf •

CVSS: 10.0EPSS: 1%CPEs: 160EXPL: 1

Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption. Vulnerabilidad sin especificar en Tor anterior a v0.2.0.33 tiene un impacto y vectores de ataque desconocidos que lanzan una corrupción de montículo (heap). • http://archives.seul.org/or/announce/Jan-2009/msg00000.html http://blog.torproject.org/blog/tor-0.2.0.33-stable-released http://secunia.com/advisories/33635 http://secunia.com/advisories/33677 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33399 http://www.securitytracker.com/id?1021633 http://www.vupen.com/english/advisories/2009/0210 https://www.redhat.com/archives/fedora-package-announce/2009-Janu • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 100EXPL: 0

Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. Tor anterior a v0.2.32 no procesa adecuadamente la configuración de las opciones de (1)usuario (User) y (2) Grupo (group), lo que permitiría a usuarios locales obtener privilegios aprovechando la pertenencia a grupos creados por defecto en los procesos de Tor. • http://blog.torproject.org/blog/tor-0.2.0.32-released http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/32648 http://www.vupen.com/english/advisories/2008/3366 https://exchange.xforce.ibmcloud.com/vulnerabilities/47101 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 0%CPEs: 100EXPL: 0

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. Tor anterior a v0.2.0.32 no procesa adecuadamente la opción de configuración ClientDNSRejectInternalAddresses en situaciones donde una cuestión en la salida de transmisión de una política que deniega el flujo, puede permitir a flujos de salida remotos tener un impacto desconocido mediante el mapeo de una dirección IP interna hacia el nombre de host destino de una flujo denegado. • http://blog.torproject.org/blog/tor-0.2.0.32-released http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/32648 http://www.vupen.com/english/advisories/2008/3366 https://exchange.xforce.ibmcloud.com/vulnerabilities/47102 • CWE-264: Permissions, Privileges, and Access Controls •