Executive Summary
Summary | |
---|---|
Title | Tor: Multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-200904-11 | First vendor Publication | 2009-04-08 |
Vendor | Gentoo | Last vendor Modification | 2009-04-08 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis
Multiple vulnerabilities in Tor might allow for heap corruption, Denial of Service, escalation of privileges and information disclosure.

Background

Description
* rovv reported that the "ClientDNSRejectInternalAddresses"
* Ilja van Sprundel reported a heap-corruption vulnerability that might be remotely triggerable on some platforms (CVE-2009-0414).
* It has been reported that incomplete IPv4 addresses are treated as valid, violating the specification (CVE-2009-0939).
* Three unspecified vulnerabilities have also been reported (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938).

Impact

Workaround

Resolution

References

Availability
http://security.gentoo.org/glsa/glsa-200904-11.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-200904-11.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-15 | Name : Gentoo Security Advisory GLSA 200904-11 (tor) File : nvt/glsa_200904_11.nasl |
2009-02-13 | Name : FreeBSD Ports: tor File : nvt/freebsd_tor4.nasl |
2009-02-06 | Name : Tor Unspecified Remote Memory Corruption Vulnerability (Linux) File : nvt/gb_tor_mem_crptn_vuln_lin.nasl |
2009-02-06 | Name : Tor Unspecified Remote Memory Corruption Vulnerability (Win) File : nvt/gb_tor_mem_crptn_vuln_win.nasl |
2009-02-02 | Name : FreeBSD Ports: tor File : nvt/freebsd_tor3.nasl |
2009-01-26 | Name : Fedora Core 9 FEDORA-2009-0897 (tor) File : nvt/fcore_2009_0897.nasl |
2009-01-26 | Name : Fedora Core 10 FEDORA-2009-0917 (tor) File : nvt/fcore_2009_0917.nasl |
2008-12-31 | Name : TOR Privilege Escalation Vulnerability (Linux) File : nvt/secpod_tor_privilege_escalation_lin.nasl |
2008-12-31 | Name : TOR Privilege Escalation Vulnerability (Win) File : nvt/secpod_tor_privilege_escalation_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54024 | Tor Incomplete IPv4 Address Spec Conformance Unspecified Issue |
54023 | Tor Directory Mirrors Malformed Input Exit Node Crash DoS |
54022 | Tor Directory Mirrors Unspecified DoS |
54021 | Tor Corrupt Votes Unspecified Infinite Loop DoS |
51569 | Tor Unspecified Memory Corruption |
50442 | Tor ClientDNSRejectInternalAddresses Bypass |
50441 | Tor User/Group Credential Switching Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-11.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_78f5606bf9d111ddb79c0030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-02-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_100a9ed2ee5611ddab4f0030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-01-26 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0897.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:36:29 | |