CVE-2006-3407
CVSS6.4
发布时间 :2006-07-06 20:05:00
修订时间 :2008-09-10 16:23:00
NMCOS    

[原文]Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.


[CNNVD]Tor隐藏服务泄漏漏洞(CNNVD-200607-079)

        Tor是一个用于匿名访问因特网的软件,用于防范流量过滤和嗅探分析等。
        Tor的某些版本存在信息泄漏漏洞。攻击者可以创建恶意的Tor server并试图反复访问隐藏的服务,并在每次访问后追踪哪些用户通过恶意的服务器创建了环路,这样就可以比预期时间更快的找到隐藏服务的位置。如果访问了隐藏服务就可能获得有关Tor用户的敏感信息。

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:tor:tor:0.1.1.5_alpha
cpe:/a:tor:tor:0.1.1.3_alpha
cpe:/a:tor:tor:0.0.9.8
cpe:/a:tor:tor:0.1.0.11
cpe:/a:tor:tor:0.0.2_pre23
cpe:/a:tor:tor:0.0.2
cpe:/a:tor:tor:0.0.2_pre15
cpe:/a:tor:tor:0.0.7.1
cpe:/a:tor:tor:0.1.0.16
cpe:/a:tor:tor:0.1.0.19
cpe:/a:tor:tor:0.0.2_pre22
cpe:/a:tor:tor:0.0.2_pre17
cpe:/a:tor:tor:0.1.1.8_alpha
cpe:/a:tor:tor:0.0.9.6
cpe:/a:tor:tor:0.1.1.7_alpha
cpe:/a:tor:tor:0.0.2_pre26
cpe:/a:tor:tor:0.0.9
cpe:/a:tor:tor:0.1.0.3
cpe:/a:tor:tor:0.0.8.1
cpe:/a:tor:tor:0.0.2_pre25
cpe:/a:tor:tor:0.0.2_pre16
cpe:/a:tor:tor:0.0.9.3
cpe:/a:tor:tor:0.1.1.9_alpha
cpe:/a:tor:tor:0.0.2_pre13
cpe:/a:tor:tor:0.1.0.9
cpe:/a:tor:tor:0.0.2_pre20
cpe:/a:tor:tor:0.1.0.17
cpe:/a:tor:tor:0.1.1.6_alpha
cpe:/a:tor:tor:0.1.0.6
cpe:/a:tor:tor:0.0.6.2
cpe:/a:tor:tor:0.1.0.1
cpe:/a:tor:tor:0.1.0.5
cpe:/a:tor:tor:0.0.8
cpe:/a:tor:tor:0.0.2_pre21
cpe:/a:tor:tor:0.1.0.2
cpe:/a:tor:tor:0.0.2_pre24
cpe:/a:tor:tor:0.0.9.2
cpe:/a:tor:tor:0.0.9.5
cpe:/a:tor:tor:0.1.1.4_alpha
cpe:/a:tor:tor:0.0.9.9
cpe:/a:tor:tor:0.0.4
cpe:/a:tor:tor:0.0.2_pre27
cpe:/a:tor:tor:0.0.2_pre19
cpe:/a:tor:tor:0.1.1.2_alpha
cpe:/a:tor:tor:0.0.3
cpe:/a:tor:tor:0.1.0.15
cpe:/a:tor:tor:0.0.9.1
cpe:/a:tor:tor:0.1.1.10_alpha
cpe:/a:tor:tor:0.0.6.1
cpe:/a:tor:tor:0.0.7.3
cpe:/a:tor:tor:0.0.2_pre14
cpe:/a:tor:tor:0.0.6
cpe:/a:tor:tor:0.1.0.4
cpe:/a:tor:tor:0.1.0.10
cpe:/a:tor:tor:0.1.0.8
cpe:/a:tor:tor:0.1.0.7
cpe:/a:tor:tor:0.0.9.4
cpe:/a:tor:tor:0.1.0.18
cpe:/a:tor:tor:0.1.0.14
cpe:/a:tor:tor:0.0.2_pre18
cpe:/a:tor:tor:0.0.9.7
cpe:/a:tor:tor:0.1.0.13
cpe:/a:tor:tor:0.0.7
cpe:/a:tor:tor:0.0.7.2
cpe:/a:tor:tor:0.0.5
cpe:/a:tor:tor:0.0.9.10
cpe:/a:tor:tor:0.1.0.12
cpe:/a:tor:tor:0.1.1.1_alpha

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3407
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3407
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-079
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/26793
(PATCH)  XF  tor-log-spoofing(26793)
http://security.gentoo.org/glsa/glsa-200606-04.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200606-04
http://secunia.com/advisories/20514
(VENDOR_ADVISORY)  SECUNIA  20514
http://secunia.com/advisories/20277
(VENDOR_ADVISORY)  SECUNIA  20277
http://tor.eff.org/cvs/tor/ChangeLog
(UNKNOWN)  CONFIRM  http://tor.eff.org/cvs/tor/ChangeLog
http://www.securityfocus.com/bid/19795
(UNKNOWN)  BID  19795

- 漏洞信息

Tor隐藏服务泄漏漏洞
中危 资料不足
2006-07-06 00:00:00 2006-07-20 00:00:00
远程  
        Tor是一个用于匿名访问因特网的软件,用于防范流量过滤和嗅探分析等。
        Tor的某些版本存在信息泄漏漏洞。攻击者可以创建恶意的Tor server并试图反复访问隐藏的服务,并在每次访问后追踪哪些用户通过恶意的服务器创建了环路,这样就可以比预期时间更快的找到隐藏服务的位置。如果访问了隐藏服务就可能获得有关Tor用户的敏感信息。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        http://tor.eff.org/dist/tor-0.1.1.20.tar.gz

- 漏洞信息

35675
EFF Tor Non-Printable Character String Remote Code Execution
Remote / Network Access
Loss of Integrity
Vendor Verified

- 漏洞描述

- 时间线

2006-05-23 Unknow
Unknow 2006-05-23

- 解决方案

Upgrade to version 0.1.1.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Tor Multiple Buffer Overflow/Information Disclosure/Denial of Service Vulnerabilities
Unknown 19795
Yes No
2006-07-06 12:00:00 2006-09-05 05:53:00
These issues were disclosed by the vendor.

- 受影响的程序版本

Tor Tor 0.1.1 .5-alpha
Tor Tor 0.1.1 .4-alpha
Tor Tor 0.1.1 .3-alpha
Tor Tor 0.1.1 .2-alpha
Tor Tor 0.1.1 .1-alpha
Tor Tor 0.1 18
Tor Tor 0.1 .0.14
Tor Tor 0.1 .0.13
Tor Tor 0.1 .0.12
Tor Tor 0.1 .0.11
Tor Tor 0.1 .0.10
Tor Tor 0.0.9 .9
Tor Tor 0.0.9 .8
Tor Tor 0.0.9 .7
Tor Tor 0.0.9 .6
Tor Tor 0.0.9 .5
Tor Tor 0.0.9 .4
Tor Tor 0.0.9 .3
Tor Tor 0.0.9 .2
Tor Tor 0.0.9 .10
Tor Tor 0.0.9 .1
Tor Tor 0.0.9
Tor Tor 0.1.1 .20

- 不受影响的程序版本

Tor Tor 0.1.1 .20

- 漏洞讨论

Tor is affected by multiple vulnerabilities, including an integer overflow, a denial of service, information disclosure, and a possible log-bypass vulnerability.

An attacker can exploit these issues to retrieve sensitive information, crash the affected application, and potentially gain remote access to the underlying computer.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Some of these issues may not require exploit code; attackers may use standard networking tools.

- 解决方案

The vendor has released version 0.1.1.20 to address these issues.

Please see the referenced advisories for more information.


Tor Tor 0.0.9 .3

Tor Tor 0.0.9 .6

Tor Tor 0.0.9 .5

Tor Tor 0.0.9 .1

Tor Tor 0.0.9 .4

Tor Tor 0.0.9 .8

Tor Tor 0.0.9 .10

Tor Tor 0.0.9 .7

Tor Tor 0.0.9 .2

Tor Tor 0.0.9

Tor Tor 0.0.9 .9

Tor Tor 0.1 .0.14

Tor Tor 0.1 .0.10

Tor Tor 0.1 .0.13

Tor Tor 0.1 .0.11

Tor Tor 0.1 .0.12

Tor Tor 0.1.1 .1-alpha

Tor Tor 0.1.1 .4-alpha

Tor Tor 0.1.1 .3-alpha

Tor Tor 0.1.1 .2-alpha

Tor Tor 0.1.1 .5-alpha

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站