ID CVE-2014-5117 Type cve Reporter NVD Modified 2017-01-06T22:00:25
Description
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.
{"result": {"openvas": [{"id": "OPENVAS:1361412562310804934", "type": "openvas", "title": "Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Linux)", "description": "This host is installed with Tor browser\n and is prone to information disclosure vulnerability.", "published": "2014-10-14T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804934", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-07-26T08:48:53"}, {"id": "OPENVAS:1361412562310868091", "type": "openvas", "title": "Fedora Update for tor FEDORA-2014-9082", "description": "Check for the Version of tor", "published": "2014-08-15T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868091", "cvelist": ["CVE-2014-5117"], "lastseen": "2018-04-09T11:14:08"}, {"id": "OPENVAS:1361412562310804933", "type": "openvas", "title": "Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Windows)", "description": "This host is installed with Tor browser\n and is prone to information disclosure vulnerability.", "published": "2014-10-14T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804933", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-08-04T10:49:04"}, {"id": "OPENVAS:702993", "type": "openvas", "title": "Debian Security Advisory DSA 2993-1 (tor - security update)", "description": "Several issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.\n\nRelay-early cells could be used by colluding relays on the network to\ntag user circuits and so deploy traffic confirmation attacks\n[CVE-2014-5117 \n]. The updated version emits a warning and drops the\ncircuit upon receiving inbound relay-early cells, preventing this\nspecific kind of attack. Please consult the following advisory for\nmore details about this issue:\n\nhttps://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack \nA bug in the bounds-checking in the 32-bit curve25519-donna\nimplementation could cause incorrect results on 32-bit\nimplementations when certain malformed inputs were used along with a\nsmall class of private ntor keys. This flaw does not currently\nappear to allow an attacker to learn private keys or impersonate a\nTor server, but it could provide a means to distinguish 32-bit Tor\nimplementations from 64-bit Tor implementations.\n\nThe following additional security-related improvements have been\nimplemented:\n\nAs a client, the new version will effectively stop using CREATE_FAST\ncells. While this adds computational load on the network, this\napproach can improve security on connections where Tor's circuit\nhandshake is stronger than the available TLS connection security\nlevels.\n\nPrepare clients to use fewer entry guards by honoring the consensus\nparameters. The following article provides some background:\n\nhttps://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters", "published": "2014-07-31T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702993", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-09-04T14:12:36"}, {"id": "OPENVAS:1361412562310702993", "type": "openvas", "title": "Debian Security Advisory DSA 2993-1 (tor - security update)", "description": "Several issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.\n\nRelay-early cells could be used by colluding relays on the network to\ntag user circuits and so deploy traffic confirmation attacks\n[CVE-2014-5117 \n]. The updated version emits a warning and drops the\ncircuit upon receiving inbound relay-early cells, preventing this\nspecific kind of attack. Please consult the following advisory for\nmore details about this issue:\n\nhttps://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack \nA bug in the bounds-checking in the 32-bit curve25519-donna\nimplementation could cause incorrect results on 32-bit\nimplementations when certain malformed inputs were used along with a\nsmall class of private ntor keys. This flaw does not currently\nappear to allow an attacker to learn private keys or impersonate a\nTor server, but it could provide a means to distinguish 32-bit Tor\nimplementations from 64-bit Tor implementations.\n\nThe following additional security-related improvements have been\nimplemented:\n\nAs a client, the new version will effectively stop using CREATE_FAST\ncells. While this adds computational load on the network, this\napproach can improve security on connections where Tor's circuit\nhandshake is stronger than the available TLS connection security\nlevels.\n\nPrepare clients to use fewer entry guards by honoring the consensus\nparameters. The following article provides some background:\n\nhttps://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters", "published": "2014-07-31T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702993", "cvelist": ["CVE-2014-5117"], "lastseen": "2018-04-06T11:10:49"}, {"id": "OPENVAS:1361412562310868087", "type": "openvas", "title": "Fedora Update for tor FEDORA-2014-9073", "description": "Check for the Version of tor", "published": "2014-08-15T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868087", "cvelist": ["CVE-2014-5117"], "lastseen": "2018-04-09T11:11:36"}, {"id": "OPENVAS:1361412562310869244", "type": "openvas", "title": "Fedora Update for tor FEDORA-2015-5732", "description": "Check the version of tor", "published": "2015-04-19T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869244", "cvelist": ["CVE-2015-2928", "CVE-2014-5117", "CVE-2015-2929"], "lastseen": "2017-07-25T10:52:17"}, {"id": "OPENVAS:1361412562310869167", "type": "openvas", "title": "Fedora Update for tor FEDORA-2015-4478", "description": "Check the version of tor", "published": "2015-04-06T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869167", "cvelist": ["CVE-2014-5117", "CVE-2015-2689", "CVE-2015-2688"], "lastseen": "2017-07-25T10:53:58"}], "freebsd": [{"id": "31C09848-1829-11E4-BF04-60A44C524F57", "type": "freebsd", "title": "tor -- traffic confirmation attack", "description": "\nThe Tor Project reports:\n\nTor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a\n\t circuit after an inbound RELAY_EARLY cell is received by a client,\n\t which makes it easier for remote attackers to conduct\n\t traffic-confirmation attacks by using the pattern of RELAY and\n\t RELAY_EARLY cells as a means of communicating information about\n\t hidden service names.\n\n", "published": "2014-07-30T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vuxml.freebsd.org/freebsd/31c09848-1829-11e4-bf04-60a44c524f57.html", "cvelist": ["CVE-2014-5117"], "lastseen": "2016-09-26T17:24:24"}], "nessus": [{"id": "FEDORA_2014-9082.NASL", "type": "nessus", "title": "Fedora 20 : tor-0.2.4.23-1.fc20 (2014-9082)", "description": "Security fix for CVE-2014-5117\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-08-15T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=77209", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-10-29T13:43:57"}, {"id": "MANDRIVA_MDVSA-2014-150.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : tor (MDVSA-2014:150)", "description": "Updated tor package fixes security vulnerability :\n\nTor before 0.2.4.23 maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names (CVE-2014-5117).", "published": "2014-08-07T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=77038", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-10-29T13:44:40"}, {"id": "OPENSUSE-2014-492.NASL", "type": "nessus", "title": "openSUSE Security Update : tor (openSUSE-SU-2014:0975-1)", "description": "- Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] Slows down the risk from guard rotation and backports several important fixes from the Tor 0.2.5 alpha release series.\n\n - Major features :\n\n - Clients now look at the 'usecreatefast' consensus parameter to decide whether to use CREATE_FAST or CREATE cells for the first hop of their circuit. This approach can improve security on connections where Tor's circuit handshake is stronger than the available TLS connection security levels, but the tradeoff is more computational load on guard relays.\n\n - Make the number of entry guards configurable via a new NumEntryGuards consensus parameter, and the number of directory guards configurable via a new NumDirectoryGuards consensus parameter.\n\n - Major bugfixes :\n\n - Fix a bug in the bounds-checking in the 32-bit curve25519-donna implementation that caused incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys.\n\n - Minor bugfixes :\n\n - Warn and drop the circuit if we receive an inbound 'relay early' cell.\n\n - Correct a confusing error message when trying to extend a circuit via the control protocol but we don't know a descriptor or microdescriptor for one of the specified relays.\n\n - Avoid an illegal read from stack when initializing the TLS module using a version of OpenSSL without all of the ciphers used by the v2 link handshake.", "published": "2014-08-12T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=77136", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-10-29T13:33:59"}, {"id": "DEBIAN_DSA-2993.NASL", "type": "nessus", "title": "Debian DSA-2993-1 : tor - security update", "description": "Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks.\n\n - Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks [ CVE-2014-5117]. The updated version emits a warning and drops the circuit upon receiving inbound relay-early cells, preventing this specific kind of attack. Please consult the following advisory for more details about this issue :\n https://blog.torproject.org/blog/tor-security-advisory-r elay-early-traffic-confirmation-attack\n\n - A bug in the bounds-checking in the 32-bit curve25519-donna implementation could cause incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys. This flaw does not currently appear to allow an attacker to learn private keys or impersonate a Tor server, but it could provide a means to distinguish 32-bit Tor implementations from 64-bit Tor implementations.\nThe following additional security-related improvements have been implemented :\n\n - As a client, the new version will effectively stop using CREATE_FAST cells. While this adds computational load on the network, this approach can improve security on connections where Tor's circuit handshake is stronger than the available TLS connection security levels.\n - Prepare clients to use fewer entry guards by honoring the consensus parameters. The following article provides some background :\n\n https://blog.torproject.org/blog/improving-tors-anonymit y-changing-guard-parameters", "published": "2014-08-01T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76949", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-10-29T13:33:47"}, {"id": "FEDORA_2014-9073.NASL", "type": "nessus", "title": "Fedora 19 : tor-0.2.4.23-1.fc19 (2014-9073)", "description": "Security fix for CVE-2014-5117\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-08-15T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=77208", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-10-29T13:44:12"}, {"id": "FREEBSD_PKG_31C09848182911E4BF0460A44C524F57.NASL", "type": "nessus", "title": "FreeBSD : tor -- traffic confirmation attack (31c09848-1829-11e4-bf04-60a44c524f57)", "description": "The Tor Project reports :\n\nTor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.", "published": "2014-07-31T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76922", "cvelist": ["CVE-2014-5117"], "lastseen": "2017-10-29T13:44:05"}], "debian": [{"id": "DSA-2993", "type": "debian", "title": "tor -- security update", "description": "Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks.\n\n * Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks [[CVE-2014-5117](<https://security-tracker.debian.org/tracker/CVE-2014-5117>)]. The updated version emits a warning and drops the circuit upon receiving inbound relay-early cells, preventing this specific kind of attack. Please consult the following advisory for more details about this issue:\n\n<https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack>\n\n * A bug in the bounds-checking in the 32-bit curve25519-donna implementation could cause incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys. This flaw does not currently appear to allow an attacker to learn private keys or impersonate a Tor server, but it could provide a means to distinguish 32-bit Tor implementations from 64-bit Tor implementations.\n\nThe following additional security-related improvements have been implemented:\n\n * As a client, the new version will effectively stop using CREATE_FAST cells. While this adds computational load on the network, this approach can improve security on connections where Tor's circuit handshake is stronger than the available TLS connection security levels.\n\n * Prepare clients to use fewer entry guards by honoring the consensus parameters. The following article provides some background:\n\n<https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters>\n\nFor the stable distribution (wheezy), these problems have been fixed in version 0.2.4.23-1~deb7u1.\n\nFor the testing distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 0.2.4.23-1.\n\nFor the experimental distribution, these problems have been fixed in version 0.2.5.6-alpha-1.\n\nWe recommend that you upgrade your tor packages.", "published": "2014-07-31T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://www.debian.org/security/dsa-2993", "cvelist": ["CVE-2014-5117"], "lastseen": "2016-09-02T18:28:33"}]}}
