CVSS: 5.9EPSS: 0%CPEs: 31EXPL: 0CVE-2017-0380
https://notcve.org/view.php?id=CVE-2017-0380
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. La función rend_service_intro_established en or/rendservice.c en versiones de Tor anteriores a la 0.2.8.15, versiones 0.2.9.x anteriores a la 0.2.9.12, versiones 0.3.0.x anteriores a la 0.3.0.11, versiones 0.3.1.x anteriores a la 0.3.1.7 y versiones 0.3.2.x anteriores a la 0.3.2.1-alpha, cuando se deshabilita SafeLogging, permite a los atacantes obtener información sensible mediante el acceso al archivo de registro de un servicio oculto. Esto se debe a que los datos de la pila sin inicializar se incluyen en un mensaje de error sobre el punto de entrada a la red. • http://www.debian.org/security/2017/dsa-3993 http://www.securitytracker.com/id/1039519 https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486 https://trac.torproject.org/projects/tor/ticket/23490 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0377
https://notcve.org/view.php?id=CVE-2017-0377
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. Las versiones 0.3.x de Tor anteriores a la 0.3.0.9 cuentan con un algoritmo de selección de restricciones que solo considera el exit relay (no la familia del exit relay), lo que podría permitir que atacantes remotos superen las propiedades de anonimato planeadas aprovechando la existencia de grandes familias. • https://blog.torproject.org/blog/tor-0309-released-security-update-clients https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350 https://security-tracker.debian.org/CVE-2017-0377 https://trac.torproject.org/projects/tor/ticket/22753 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0375
https://notcve.org/view.php?id=CVE-2017-0375
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. La función de servicio oculto en Tor antes de la versión 0.3.0.8 permite una denegación de servicio (fallo de aserción y salida de demonio) en la función relay_send_end_cell_from_edge_ a través de una llamada BEGIN con formato incorrecto. • http://www.securityfocus.com/bid/99017 https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7 https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html https://trac.torproject.org/projects/tor/ticket/22493 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0376
https://notcve.org/view.php?id=CVE-2017-0376
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. La función de servicio oculto en Tor antes de la versión 0.3.0.8 permite una denegación de servicio (fallo de aserción y salida de demonio) en la función connection_edge_process_relay_cell a través de una célula BEGIN_DIR en un circuito de rendezvous • http://www.debian.org/security/2017/dsa-3877 https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html https://trac.torproject.org/projects/tor/ticket/22494 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 0CVE-2016-8860
https://notcve.org/view.php?id=CVE-2016-8860
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data. Tor en versiones anteriores a 0.2.8.9 y 0.2.9.x en versiones anteriores a 0.2.9.4-alpha tenía funciones internas autorizadas a esperar que buf_t data tenía terminación NUL, pero la implementación de or/buffers.c no aseguró que la terminación NUL estuviera presente, lo que permite a atacantes remotos provocar una denegación de servicio (cliente, servicio oculto, transmisión, o caída de autoridad) a través de datos manipulados. • http://openwall.com/lists/oss-security/2016/10/19/11 http://www.debian.org/security/2016/dsa-3694 http://www.securityfocus.com/bid/95116 https://blog.torproject.org/blog/tor-0289-released-important-fixes https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce https://security.gentoo.org/glsa/201612-45 https://trac.torproject.org/projects/tor/ticket/20384 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •