Tor ControlPort Missing Authentication Unauthorized Access Vulnerability
BID:25188
Info
| Bugtraq ID: | 25188 |
| Class: | Design Error |
| CVE: | CVE-2007-4174 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 02 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | The vendor released information regarding this vulnerability. |
| Vulnerable: | Tor Tor 0.1.2.15 |
| Not Vulnerable: | Tor Tor 0.1.2.16 |
Discussion
Tor is prone to an unauthorized-access vulnerability due to a design error when handling multiple connections to the ControlPort.
An attacker can exploit this issue to reconfigure Tor and significantly weaken the anonymity provided by the software.
Tor 0.1.2.15 is confirmed vulnerable; previous versions may also be affected.
Exploit / POC
The following exploit code is available:
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the vendor references for more information.
Tor Tor 0.1.2.15
- Tor Tor 0.1.2.16 Release: http://tor.eff.org/download.html.en
References
References:
- Tor 0.1.2.16 Release Notes (Tor)
- Tor Homepage (Tor)