Tor Circuit Entry Guard Same Family Check Design Weakness
BID:24180
Info
Tor Circuit Entry Guard Same Family Check Design Weakness
| Bugtraq ID: | 24180 |
| Class: | Design Error |
| CVE: |
CVE-2007-3165 |
| Remote: | Yes |
| Local: | No |
| Published: | May 28 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | This discovery is attributed to lodger. |
| Vulnerable: |
Tor Tor 0.1.1 23 Tor Tor 0.1.1 .5-alpha Tor Tor 0.1.1 .4-alpha Tor Tor 0.1.1 .3-alpha Tor Tor 0.1.1 .20 Tor Tor 0.1.1 .2-alpha Tor Tor 0.1.1 .1-alpha Tor Tor 0.1 18 Tor Tor 0.1 .0.14 Tor Tor 0.1 .0.13 Tor Tor 0.1 .0.12 Tor Tor 0.1 .0.11 Tor Tor 0.1 .0.10 Tor Tor 0.0.9 .9 Tor Tor 0.0.9 .8 Tor Tor 0.0.9 .7 Tor Tor 0.0.9 .6 Tor Tor 0.0.9 .5 Tor Tor 0.0.9 .4 Tor Tor 0.0.9 .3 Tor Tor 0.0.9 .2 Tor Tor 0.0.9 .10 Tor Tor 0.0.9 .1 Tor Tor 0.0.9 Tor Tor 0.1.2.1 alpha-cvs |
| Not Vulnerable: |
Tor Tor 0.1.2 14 |
Discussion
Tor Circuit Entry Guard Same Family Check Design Weakness
Tor is prone to a design weakness that may assist hostile node operators in performing traffic analysis.
Tor performs a check to ensure that the entry guard is not the same node as the exit guard when building a circuit. However, Tor fails to ensure that the entry guard and exit guard are not part of the same family. This may enable hostile node operators to have purview over more of a Tor client's communication stream than intended. This weakness aids in the performance of traffic analysis.
This issue affects all versions prior to 0.1.2.14.
Tor is prone to a design weakness that may assist hostile node operators in performing traffic analysis.
Tor performs a check to ensure that the entry guard is not the same node as the exit guard when building a circuit. However, Tor fails to ensure that the entry guard and exit guard are not part of the same family. This may enable hostile node operators to have purview over more of a Tor client's communication stream than intended. This weakness aids in the performance of traffic analysis.
This issue affects all versions prior to 0.1.2.14.
Exploit / POC
Tor Circuit Entry Guard Same Family Check Design Weakness
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Tor Circuit Entry Guard Same Family Check Design Weakness
Solution:
The vendor has released an update and associated announcement to address these issues. Please see the references for more information.
Tor Tor 0.1.2.1 alpha-cvs
Solution:
The vendor has released an update and associated announcement to address these issues. Please see the references for more information.
Tor Tor 0.1.2.1 alpha-cvs
-
Tor Tor 0.1.2.14
https://tor.eff.org/download.html
References
Tor Circuit Entry Guard Same Family Check Design Weakness
References:
References:
- Tor 0.1.2.14 is released (Roger Dingledine)
- Tor Homepage (Tor)