CVE-2006-6893

{"id": "CVE-2006-6893", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"url": "http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html", "source": "cve@mitre.org"}, {"url": "http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE."}, {"lang": "es", "value": "Tor permite a atacantes remotos descubrir la direcci\u00f3n IP de un servicio oculto accediendo a este servicio a un alto ritmo de repetici\u00f3n, y por tanto cambiando la temperatura de la CPU y consecuentemente cambiando el patr\u00f3n de valores de tiempo visibles a trav\u00e9s de (1) marcas de tiempo ICMP, (2) n\u00fameros de secuencia TCP, y (3) marcas de tiempo TCP, una vulnerabilidad distinta de CVE-2006-0414. NOTA: podr\u00eda argumentarse que esto es una vulnerabilidad de las leyes de la f\u00edsica que es una limitaci\u00f3n fundamental de dise\u00f1o de determinadas implementaciones de hardware, por tanto quiz\u00e1s este problema no deber\u00eda ser incluido en CVE."}], "lastModified": "2008-09-05T21:15:53.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB51EE46-D720-4C1F-8992-67F4422E43CB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}