CVE-2006-3414
https://notcve.org/view.php?id=CVE-2006-3414
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. Tor anterior a 0.1.1.20 soporta descriptores de servidor que contienen nombres de equipos en lugar de direcciones IP, lo que permite a los atacantes remotos, agrupar usuarios de forma arbitraria, facilitando la resolución de direcciones preferencial. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25877 •
CVE-2006-3408
https://notcve.org/view.php?id=CVE-2006-3408
Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors. Vulnerabilidad sin especificar en el servidor de directorios (dirserver) en Tor antes de 0.1.1.20 permite a atacantes remotos provocar una denegación de servicio no especificada a través de vectores desconocidos. • http://secunia.com/advisories/20277 http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25883 http://www.securityfocus.com/bid/18323 https://exchange.xforce.ibmcloud.com/vulnerabilities/26794 •
CVE-2006-3409
https://notcve.org/view.php?id=CVE-2006-3409
Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists. Desbordamiento de entero en Tor versiones anteriores a la 0.1.1.20, permite a atacantes remotos ejecutar código de su elección a través de entradas largas manipuladas, lo cual provoca un desbordamiento de búfer cuando se añaden elementos a las smartlists • http://secunia.com/advisories/20277 http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.securityfocus.com/bid/18323 https://exchange.xforce.ibmcloud.com/vulnerabilities/26795 •
CVE-2006-3415
https://notcve.org/view.php?id=CVE-2006-3415
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. Tor versiones anteriores a 0.1.1.20 utiliza una lógica inapropiada para validar el destino "OR", lo cual permite a atacantes remotos llevar a cabo un ataque man-in-the-middle (MITM) a través de vectores no especificados. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25878 •
CVE-2006-3418
https://notcve.org/view.php?id=CVE-2006-3418
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25881 •