Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5573

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-5573
Last Modified 22 Aug 2013 02:46:42
Published 01 Jan 2013 07:35:14
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5573

Summary

The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command.

Vulnerable Systems

Application

  • Torproject Tor 0.0.2

  • Torproject Tor 0.0.3

  • Torproject Tor 0.0.4

  • Torproject Tor 0.0.5

  • Torproject Tor 0.0.6

  • Torproject Tor 0.0.6.1

  • Torproject Tor 0.0.6.2

  • Torproject Tor 0.0.7

  • Torproject Tor 0.0.7.1

  • Torproject Tor 0.0.7.2

  • Torproject Tor 0.0.7.3

  • Torproject Tor 0.0.8.1

  • Torproject Tor 0.0.9.1

  • Torproject Tor 0.0.9.10

  • Torproject Tor 0.0.9.2

  • Torproject Tor 0.0.9.3

  • Torproject Tor 0.0.9.4

  • Torproject Tor 0.0.9.5

  • Torproject Tor 0.0.9.6

  • Torproject Tor 0.0.9.7

  • Torproject Tor 0.0.9.8

  • Torproject Tor 0.0.9.9

  • Torproject Tor 0.1.0.10

  • Torproject Tor 0.1.0.11

  • Torproject Tor 0.1.0.12

  • Torproject Tor 0.1.0.13

  • Torproject Tor 0.1.0.14

  • Torproject Tor 0.1.0.15

  • Torproject Tor 0.1.0.16

  • Torproject Tor 0.1.0.17

  • Torproject Tor 0.1.1.20

  • Torproject Tor 0.1.1.21

  • Torproject Tor 0.1.1.22

  • Torproject Tor 0.1.1.23

  • Torproject Tor 0.1.1.24

  • Torproject Tor 0.1.1.25

  • Torproject Tor 0.1.1.26

  • Torproject Tor 0.1.2.13

  • Torproject Tor 0.1.2.14

  • Torproject Tor 0.1.2.15

  • Torproject Tor 0.1.2.16

  • Torproject Tor 0.1.2.17

  • Torproject Tor 0.1.2.18

  • Torproject Tor 0.1.2.19

  • Torproject Tor 0.2.0.30

  • Torproject Tor 0.2.0.31

  • Torproject Tor 0.2.0.32

  • Torproject Tor 0.2.0.33

  • Torproject Tor 0.2.0.34

  • Torproject Tor 0.2.0.35

  • Torproject Tor 0.2.2.18

  • Torproject Tor 0.2.2.19

  • Torproject Tor 0.2.2.20

  • Torproject Tor 0.2.2.21

  • Torproject Tor 0.2.2.22

  • Torproject Tor 0.2.2.23

  • Torproject Tor 0.2.2.24

  • Torproject Tor 0.2.2.25

  • Torproject Tor 0.2.2.26

  • Torproject Tor 0.2.2.27

  • Torproject Tor 0.2.2.28

  • Torproject Tor 0.2.2.29

  • Torproject Tor 0.2.2.30

  • Torproject Tor 0.2.2.31

  • Torproject Tor 0.2.2.32

  • Torproject Tor 0.2.2.33

  • Torproject Tor 0.2.2.34

  • Torproject Tor 0.2.2.35

  • Torproject Tor 0.2.2.36

  • Torproject Tor 0.2.2.37

  • Torproject Tor 0.2.2.38

  • Torproject Tor 0.2.3

  • Torproject Tor 0.2.3.13

  • Torproject Tor 0.2.3.14

  • Torproject Tor 0.2.3.15

  • Torproject Tor 0.2.3.16

  • Torproject Tor 0.2.3.17

  • Torproject Tor 0.2.3.18

  • Torproject Tor 0.2.3.19

  • Torproject Tor 0.2.3.20

  • Torproject Tor 0.2.3.21

  • Torproject Tor 0.2.3.22

  • Torproject Tor 0.2.3.23

  • Torproject Tor 0.2.3.24


References

CONFIRM - https://trac.torproject.org/projects/tor/ticket/6252

CONFIRM - https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes

CONFIRM - https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=880310

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=444804

MLIST - [oss-security] 20121126 Re: tor DoS via SENDME cells

XF - tor-sendme-dos(80289)

SECUNIA - 51329

GENTOO - GLSA-201301-03


Last Updated: 27 May 2016 11:01:30