Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2643

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2643
Last Modified 05 Sep 2008 04:52:18
Published 23 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2643

Summary

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.

Vulnerable Systems

Application

  • Tor 0.0.9

  • Tor 0.0.9.1

  • Tor 0.0.9.2

  • Tor 0.0.9.3

  • Tor 0.0.9.4

  • Tor 0.0.9.5

  • Tor 0.0.9.6

  • Tor 0.0.9.7

  • Tor 0.0.9.8

  • Tor 0.0.9.9

  • Tor 0.1.0.1

  • Tor 0.1.0.10

  • Tor 0.1.0.11

  • Tor 0.1.0.12

  • Tor 0.1.0.13

  • Tor 0.1.0.2

  • Tor 0.1.0.3

  • Tor 0.1.0.4

  • Tor 0.1.0.5

  • Tor 0.1.0.6

  • Tor 0.1.0.7

  • Tor 0.1.0.8

  • Tor 0.1.0.9

  • Tor 0.1.1.1 Alpha

  • Tor 0.1.1.2 Alpha

  • Tor 0.1.1.3 Alpha

  • Tor 0.1.1.4 Alpha


References

SECUNIA - 16424

MLIST - [or-announce] 20050811 Tor security advisory: DH handshake flaw

SECTRACK - 1014739

BUGTRAQ - 20050819 Fwd: Tor security advisory: DH handshake flaw


Last Updated: 27 May 2016 10:40:35