Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4098

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2007-4098
Last Modified 07 Mar 2011 09:57:48
Published 30 Jul 2007 05:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4098

Summary

Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.

Vulnerable Systems

Application

  • Tor 0.1.0.10

  • Tor 0.1.0.11

  • Tor 0.1.0.12

  • Tor 0.1.0.13

  • Tor 0.1.0.14

  • Tor 0.1.0.18

  • Tor 0.1.1.1 Alpha

  • Tor 0.1.1.2 Alpha

  • Tor 0.1.1.20

  • Tor 0.1.1.23

  • Tor 0.1.1.3 Alpha

  • Tor 0.1.1.4 Alpha

  • Tor 0.1.1.5 Alpha

  • Tor 0.1.2.1 Alpha-cvs

  • Tor 0.1.2.14


References

BID - 25035

SECUNIA - 26140

MLIST - [or-announce] 20070723 Tor 0.1.2.15 is released

VUPEN - ADV-2007-2634

OSVDB - 46970


Last Updated: 27 May 2016 10:45:46