CVE-2007-4099

Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://archives.seul.org/or/announce/Jul-2007/msg00000.html	Patch
http://osvdb.org/46971
http://secunia.com/advisories/26140	Patch Vendor Advisory
http://www.securityfocus.com/bid/25035	Patch
http://www.vupen.com/english/advisories/2007/2634

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tor:tor:0.1.0.10:::::::*
	cpe:2.3:a:tor:tor:0.1.0.11:::::::*
	cpe:2.3:a:tor:tor:0.1.0.12:::::::*
	cpe:2.3:a:tor:tor:0.1.0.13:::::::*
	cpe:2.3:a:tor:tor:0.1.0.14:::::::*
	cpe:2.3:a:tor:tor:0.1.0.18:::::::*
	cpe:2.3:a:tor:tor:0.1.1.1_alpha:::::::*
	cpe:2.3:a:tor:tor:0.1.1.2_alpha:::::::*
	cpe:2.3:a:tor:tor:0.1.1.3_alpha:::::::*
	cpe:2.3:a:tor:tor:0.1.1.4_alpha:::::::*
	cpe:2.3:a:tor:tor:0.1.1.5_alpha:::::::*
	cpe:2.3:a:tor:tor:0.1.1.20:::::::*
	cpe:2.3:a:tor:tor:0.1.1.23:::::::*
	cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs:::::::*
	cpe:2.3:a:tor:tor:0.1.2.14:::::::*

History

No history.

Information

Published : 2007-07-30 21:17

Updated : 2024-02-28 11:01

NVD link : CVE-2007-4099

Mitre link : CVE-2007-4099

CVE.ORG link : CVE-2007-4099

JSON object : View

Products Affected

tor

tor

CWE

NVD-CWE-Other

{"id": "CVE-2007-4099", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-30T21:17:00.000", "references": [{"url": "http://archives.seul.org/or/announce/Jul-2007/msg00000.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/46971", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26140", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25035", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2634", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks."}, {"lang": "es", "value": "Tor anterior a 0.1.2.15 podr\u00eda seleccionar un nodo guard\u00eda m\u00e1s all\u00e1 del nodo protector\r\nnunca-antes-conectar-a, el cual podr\u00eda permitir a atacantes remotos con control sobre ciertos nodos guarda obtener informaci\u00f3n sensible y posiblemente llevar a cabo ataques adicionales."}], "lastModified": "2011-03-08T02:57:48.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C04309D4-FEA8-47EA-BB9A-8CBD341B475F"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8607F3C9-F185-4B87-8A1B-B9495A4F244D"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "525A0E09-D4CF-42AA-8EB2-47E0E6CBA179"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "667201BB-5FDA-4E51-B865-0AF8507DBCDA"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1BA7280-1DF3-4A98-AFD2-C67406A32EA2"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4E6BA17-6AE9-45ED-A8C3-F79463F427BE"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "811CE708-CEE6-4B0F-98E5-E138C06EA382"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6860F802-FEC2-449A-A5FC-AFACCA8633CC"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4CA23F0-7C49-430E-AD20-7C7BDCC1EEC8"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4D9E677-01D2-4800-82AA-F5585475D500"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C589D4F-60B3-450B-860A-9975BB47BBE2"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "342D2B8A-A832-4CAB-9389-93764B0DE241"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F0A70AA-931A-4906-B4AD-D56E90683716"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "197BFA5D-8C65-4F59-B4A0-B6AB7B11EC07"}, {"criteria": "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFC7477A-5DDA-42A6-828E-A818CCF208B7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}