Torproject Tor vulnerabilities

CVE-2006-3408 [MEDIUM] CVE-2006-3408: Unspecified vulnerability in the directory server (dirserver) in Tor before 0 Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.

CVE-2006-3417 [MEDIUM] CVE-2006-3417: Tor client before 0 Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.

CVE-2006-3416 [MEDIUM] CVE-2006-3416: Tor before 0 Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE

CVE-2006-3419 [MEDIUM] CVE-2006-3419: Tor before 0 Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.

CVE-2006-3410 [MEDIUM] CVE-2006-3410: Tor before 0 Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks.

CVE-2006-3418 [MEDIUM] CVE-2006-3418: Tor before 0 Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.

CVE-2006-3414 [MEDIUM] CVE-2006-3414: Tor before 0 Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.

CVE-2006-3412 [MEDIUM] CVE-2006-3412: Tor before 0 Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.

CVE-2006-3411 [MEDIUM] CVE-2006-3411: TLS handshakes in Tor before 0 TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.

CVE-2006-3415 [MEDIUM] CVE-2006-3415: Tor before 0 Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.

CVE-2006-3407 [MEDIUM] CVE-2006-3407: Tor before 0 Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.

CVE-2006-0414 [MEDIUM] CVE-2006-0414: Tor before 0 Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server.

CVE-2005-2643 [MEDIUM] CVE-2005-2643: Tor 0 Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.

CVE-2005-2050 [MEDIUM] CVE-2005-2050: Unknown vulnerability in Tor before 0 Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space.