ID: CVE-2006-4508
Type: cve
Reporter: NVD
Modified: 2017-07-19T21:33:08
Description
Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors.
{"osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "description": "## Vulnerability Description\nTor contains a flaw that may allow a remote denial of service. The issue is triggered due to two unspecified errors in the communication handling, and will result in loss of availability for the network or the client.\n## Technical Description\nSuccessful exploitation requires that the malicious Tor server is the first server in the path (entry node).\n## Solution Description\nUpgrade to version 0.1.1.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nTor contains a flaw that may allow a remote denial of service. The issue is triggered due to two unspecified errors in the communication handling, and will result in loss of availability for the network or the client.\n## References:\n[Secunia Advisory ID:21725](https://secuniaresearch.flexerasoftware.com/advisories/21725/)\n[Secunia Advisory ID:21708](https://secuniaresearch.flexerasoftware.com/advisories/21708/)\n[Related OSVDB ID: 28276](https://vulners.com/osvdb/OSVDB:28276)\nOther Advisory URL: http://www.scatterchat.com/advisories/2006-02_tech.html\nMail List Post: http://archives.seul.org/or/announce/Aug-2006/msg00001.html\nMail List Post: http://archives.seul.org/or/announce/Aug-2006/msg00000.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0028.html\nKeyword: ScatterChat Advisory 2006-02\n[CVE-2006-4508](https://vulners.com/cve/CVE-2006-4508)\nBugtraq ID: 19785\n", "modified": "2006-08-29T09:03:49", "published": "2006-08-29T09:03:49", "href": "https://vulners.com/osvdb/OSVDB:28277", "id": "OSVDB:28277", "type": "osvdb", "title": "EFF Tor First Node Malformed Input DoS", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 0.1.1.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:21725](https://secuniaresearch.flexerasoftware.com/advisories/21725/)\n[Secunia Advisory ID:21708](https://secuniaresearch.flexerasoftware.com/advisories/21708/)\n[Related OSVDB ID: 28277](https://vulners.com/osvdb/OSVDB:28277)\nOther Advisory URL: http://www.scatterchat.com/advisories/2006-02_tech.html\nMail List Post: http://archives.seul.org/or/announce/Aug-2006/msg00001.html\nMail List Post: http://archives.seul.org/or/announce/Aug-2006/msg00000.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0028.html\nKeyword: ScatterChat Advisory 2006-02\n[CVE-2006-4508](https://vulners.com/cve/CVE-2006-4508)\nBugtraq ID: 19785\n", "modified": "2006-08-29T09:03:49", "published": "2006-08-29T09:03:49", "href": "https://vulners.com/osvdb/OSVDB:28276", "id": "OSVDB:28276", "type": "osvdb", "title": "EFF Tor First Node Unauthorized Traffic Routing", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:19", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nScatterChat Advisory 2006-02: Win32 Tor Client Routing and Denial of\r\nService Vulnerabilities\r\nTechnical Report\r\nSeptember 2nd, 2006\r\n\r\nCVE ID: CVE-2006-4508\r\nOSVDB: 28276, 28277\r\n\r\n\r\n\r\nSUMMARY\r\n\r\nScatterChat (http://www.scatterchat.com/) is an instant messaging project\r\nthat aims to provide encryption and anonymity support with Tor to\r\nnon-technical users such as human rights activists and political\r\ndissidents.\r\n\r\nVulnerabilities were found in the external Tor program that is packaged\r\nwith the Windows installer. This vulnerability allows a Tor entry node\r\nto route traffic through the client, or to cause a denial of service by\r\ncrashing the Tor process with malformed input.\r\n\r\nThe impact of this vulnerability is low.\r\n\r\n\r\n\r\nDETAILS\r\n\r\nThe official Tor advisory can be found at:\r\nhttp://archives.seul.org/or/announce/Aug-2006/msg00001.html\r\n\r\n\r\n\r\nIMPACT\r\n\r\nThe end-user impact of this issue is low.\r\n\r\nShould a malicious or compromised Tor entry node successfully exploit\r\nthese issues, the local user's Tor process would crash, and/or the user's\r\nmachine would route traffic to other Tor nodes.\r\n\r\nRouting unwanted traffic would cause bandwidth resources to be consumed\r\nas long as ScatterChat is running.\r\n\r\n\r\n\r\nSOLUTION\r\n\r\nAll Windows users who employ ScatterChat's anonymity feature are\r\nstrongly encouraged to upgrade to ScatterChat v1.0.2:\r\n\r\nhttp://www.scatterchat.com/download/v1.0.2/scatterchat-1.0.2.exe\r\nhttp://www.scatterchat.com/download/v1.0.2/scatterchat-1.0.2.exe.sig\r\n\r\n\r\n\r\nCONTACT\r\n\r\nJ. Salvatore Testa II\r\njtesta--at--hacktivismo--dot--com\r\n\r\nhttp://www.scatterchat.com/jtesta_2006.asc\r\n3428 E58E 715E C37D 2AA7 C55E 97D1 DE8C 4B26 2B62\r\n\r\n\r\n- - ----\r\nA less technical summary of this advisory can be found at:\r\nhttp://www.scatterchat.com/advisories/2006-02_non_tech.html\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.5 (GNU/Linux)\r\n\r\niD8DBQFE+iHXl9HejEsmK2IRAinIAKC9dHPNc+XJzcX4EeNXI2xilDxOFACfW9LG\r\nqtJQVqTJoHgbb/vXCv0+sQo=\r\n=mw1y\r\n-----END PGP SIGNATURE-----", "modified": "2006-09-04T00:00:00", "published": "2006-09-04T00:00:00", "id": "SECURITYVULNS:DOC:14133", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14133", "title": "[Full-disclosure] ScatterChat Advisory 2006-02: Win32 Tor Client Routing and Denial of Service Vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}]}