Lucene search

MitreCVE-2006-6893

HistoryJan 08, 2007 - 8:00 p.m.

CVE-2006-6893

2007-01-0820:00:00

mitre

web.nvd.nist.gov

cve-2006-6893

tor

remote attackers

ip address

hidden service

cpu temperature

time value patterns

icmp

tcp sequence numbers

tcp timestamps

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON

Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server’s CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE.

Affected configurations

Nvd

Node

tortorMatch0.1.1.26

VendorProductVersionCPE
tortor0.1.1.26cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tor	tor	0.1.1.26	cpe:2.3:a:tor:tor:0.1.1.26:::::::*

References

events.ccc.de/congress/2006/Fahrplan/events/1513.en.html

www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf

www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON

Related for CVE-2006-6893