ID CVE-2014-5117 Type cve Reporter cve@mitre.org Modified 2017-01-07T03:00:00
Description
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.
{"securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2993-1 security@debian.org\r\nhttp://www.debian.org/security/ Peter Palfrader\r\nJuly 31, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : tor\r\nCVE ID : CVE-2014-5117\r\n\r\nSeveral issues have been discovered in Tor, a connection-based\r\nlow-latency anonymous communication system, resulting in information\r\nleaks.\r\n\r\no Relay-early cells could be used by colluding relays on the network to\r\n tag user circuits and so deploy traffic confirmation attacks\r\n [CVE-2014-5117]. The updated version emits a warning and drops the\r\n circuit upon receiving inbound relay-early cells, preventing this\r\n specific kind of attack. Please consult the following advisory for\r\n more details about this issue:\r\n\r\n https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack\r\n\r\no A bug in the bounds-checking in the 32-bit curve25519-donna\r\n implementation could cause incorrect results on 32-bit\r\n implementations when certain malformed inputs were used along with a\r\n small class of private ntor keys. This flaw does not currently\r\n appear to allow an attacker to learn private keys or impersonate a\r\n Tor server, but it could provide a means to distinguish 32-bit Tor\r\n implementations from 64-bit Tor implementations.\r\n\r\nThe following additional security-related improvements have been\r\nimplemented:\r\n\r\no As a client, the new version will effectively stop using CREATE_FAST\r\n cells. While this adds computational load on the network, this\r\n approach can improve security on connections where Tor's circuit\r\n handshake is stronger than the available TLS connection security\r\n levels.\r\n\r\no Prepare clients to use fewer entry guards by honoring the consensus\r\n parameters. The following article provides some background:\r\n\r\n https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 0.2.4.23-1~deb7u1.\r\n\r\nFor the testing distribution (jessie) and the unstable distribution\r\n(sid), these problems have been fixed in version 0.2.4.23-1.\r\n\r\nFor the experimental distribution, these problems have been fixed in\r\nversion 0.2.5.6-alpha-1.\r\n\r\nWe recommend that you upgrade your tor packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJT2ht+AAoJEAVMuPMTQ89EtFgP/3AWMfTTOxdZn046F/QemXPl\r\nzuDTBhfllKc2s0UXOV63/yjfqr0oa703a/EhWIwZttc9NTi03NY9iKEwNeB+HUCN\r\nb3hENNISFdVp5i11pmbExSTGhfmgBLMPXXJAKbj5Zz1wsUr4SKJpsI0caaBXOOYp\r\nmTOHy0iKvT8RnpBiR0v2pXcCAQEqPy/7j99npO8SDwlOIcG7bmePc+L6YsHT99gh\r\nshNxnnjQIqO45rVHkqVCJc7uEx5k3i3rq0nDQnTrbiZI4G2zOJi7XfteJlCzl0vc\r\nXUt/7cTQeKyIRnNhRE09BctSs+bygCOJXY94iBoOc3eTxGeMoLcORRGZ8R1Jae99\r\ncj8cfT3rH/SP1uWON071I9awwhXaC0nwHtkejAiA6S51rZBaUnQqCFEHp/D3ku7V\r\nNZ8Iux1JYkuXFYyU/FgFouRpbyt3ApITgKFjCySZmH0Kcm7C78gUuHyXhgvQfhdw\r\nMG9DvNIMlRKNAOXlBA9ZUSNpz1YzHRrv0KpwPnlaKSMwvuuuzhfXqFUzbEFLjbkL\r\npPx0goe/BAmdRDKD0to4JhnpzRh71HtZwIOwJWQpqQ/p2IN0s7C5hrfk+g+Bh5kl\r\nfQBUnE18ZJC9ytQlUkYUd0Isc6HfmSQn3C2KA8pDV5jXn4tCMe9u2kfsB10uAPiY\r\nK/PnpW3fw41iiJPdYDZI\r\n=+/Vb\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-08-04T00:00:00", "published": "2014-08-04T00:00:00", "id": "SECURITYVULNS:DOC:30966", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30966", "title": "[SECURITY] [DSA 2993-1] tor security update", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "User deanonimization via Relay-early cells.", "modified": "2014-08-04T00:00:00", "published": "2014-08-04T00:00:00", "id": "SECURITYVULNS:VULN:13896", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13896", "title": "tor user deanonymizing", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:22:17", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-5117\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2014-9082.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77209", "published": "2014-08-15T00:00:00", "title": "Fedora 20 : tor-0.2.4.23-1.fc20 (2014-9082)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9082.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77209);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:40:33 $\");\n\n script_cve_id(\"CVE-2014-5117\");\n script_bugtraq_id(68968);\n script_xref(name:\"FEDORA\", value:\"2014-9082\");\n\n script_name(english:\"Fedora 20 : tor-0.2.4.23-1.fc20 (2014-9082)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-5117\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1124964\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136742.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d97a14bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"tor-0.2.4.23-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:22:14", "bulletinFamily": "scanner", "description": "Updated tor package fixes security vulnerability :\n\nTor before 0.2.4.23 maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names (CVE-2014-5117).", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2014-150.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77038", "published": "2014-08-07T00:00:00", "title": "Mandriva Linux Security Advisory : tor (MDVSA-2014:150)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:150. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77038);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-5117\");\n script_bugtraq_id(68968);\n script_xref(name:\"MDVSA\", value:\"2014:150\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tor (MDVSA-2014:150)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tor package fixes security vulnerability :\n\nTor before 0.2.4.23 maintains a circuit after an inbound RELAY_EARLY\ncell is received by a client, which makes it easier for remote\nattackers to conduct traffic-confirmation attacks by using the pattern\nof RELAY and RELAY_EARLY cells as a means of communicating information\nabout hidden service names (CVE-2014-5117).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0312.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tor-0.2.4.23-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:22:12", "bulletinFamily": "scanner", "description": "The Tor Project reports :\n\nTor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_31C09848182911E4BF0460A44C524F57.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76922", "published": "2014-07-31T00:00:00", "title": "FreeBSD : tor -- traffic confirmation attack (31c09848-1829-11e4-bf04-60a44c524f57)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76922);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2014-5117\");\n\n script_name(english:\"FreeBSD : tor -- traffic confirmation attack (31c09848-1829-11e4-bf04-60a44c524f57)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Project reports :\n\nTor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit\nafter an inbound RELAY_EARLY cell is received by a client, which makes\nit easier for remote attackers to conduct traffic-confirmation attacks\nby using the pattern of RELAY and RELAY_EARLY cells as a means of\ncommunicating information about hidden service names.\"\n );\n # https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df0e1d00\"\n );\n # https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df709f16\"\n );\n # https://vuxml.freebsd.org/freebsd/31c09848-1829-11e4-bf04-60a44c524f57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58b21fee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.4.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.5.6.a\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:22:17", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-5117\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2014-9073.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77208", "published": "2014-08-15T00:00:00", "title": "Fedora 19 : tor-0.2.4.23-1.fc19 (2014-9073)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9073.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77208);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:40:33 $\");\n\n script_cve_id(\"CVE-2014-5117\");\n script_bugtraq_id(68968);\n script_xref(name:\"FEDORA\", value:\"2014-9073\");\n\n script_name(english:\"Fedora 19 : tor-0.2.4.23-1.fc19 (2014-9073)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-5117\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1124964\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136524.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6432d9e4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"tor-0.2.4.23-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:22:12", "bulletinFamily": "scanner", "description": "Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks.\n\n - Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks [ CVE-2014-5117]. The updated version emits a warning and drops the circuit upon receiving inbound relay-early cells, preventing this specific kind of attack. Please consult the following advisory for more details about this issue :\n https://blog.torproject.org/blog/tor-security-advisory-r elay-early-traffic-confirmation-attack\n\n - A bug in the bounds-checking in the 32-bit curve25519-donna implementation could cause incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys. This flaw does not currently appear to allow an attacker to learn private keys or impersonate a Tor server, but it could provide a means to distinguish 32-bit Tor implementations from 64-bit Tor implementations.\nThe following additional security-related improvements have been implemented :\n\n - As a client, the new version will effectively stop using CREATE_FAST cells. While this adds computational load on the network, this approach can improve security on connections where Tor's circuit handshake is stronger than the available TLS connection security levels.\n - Prepare clients to use fewer entry guards by honoring the consensus parameters. The following article provides some background :\n\n https://blog.torproject.org/blog/improving-tors-anonymit y-changing-guard-parameters", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2993.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76949", "published": "2014-08-01T00:00:00", "title": "Debian DSA-2993-1 : tor - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2993. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76949);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-5117\");\n script_bugtraq_id(68968);\n script_xref(name:\"DSA\", value:\"2993\");\n\n script_name(english:\"Debian DSA-2993-1 : tor - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.\n\n - Relay-early cells could be used by colluding relays on\n the network to tag user circuits and so deploy traffic\n confirmation attacks [ CVE-2014-5117]. The updated\n version emits a warning and drops the circuit upon\n receiving inbound relay-early cells, preventing this\n specific kind of attack. Please consult the following\n advisory for more details about this issue :\n https://blog.torproject.org/blog/tor-security-advisory-r\n elay-early-traffic-confirmation-attack\n\n - A bug in the bounds-checking in the 32-bit\n curve25519-donna implementation could cause incorrect\n results on 32-bit implementations when certain malformed\n inputs were used along with a small class of private\n ntor keys. This flaw does not currently appear to allow\n an attacker to learn private keys or impersonate a Tor\n server, but it could provide a means to distinguish\n 32-bit Tor implementations from 64-bit Tor\n implementations.\nThe following additional security-related improvements have been\nimplemented :\n\n - As a client, the new version will effectively stop using\n CREATE_FAST cells. While this adds computational load on\n the network, this approach can improve security on\n connections where Tor's circuit handshake is stronger\n than the available TLS connection security levels.\n - Prepare clients to use fewer entry guards by honoring\n the consensus parameters. The following article provides\n some background :\n\n https://blog.torproject.org/blog/improving-tors-anonymit\n y-changing-guard-parameters\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-5117\"\n );\n # https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df709f16\"\n );\n # https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5cae368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2993\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tor packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 0.2.4.23-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"tor\", reference:\"0.2.4.23-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tor-dbg\", reference:\"0.2.4.23-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tor-geoipdb\", reference:\"0.2.4.23-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:22:16", "bulletinFamily": "scanner", "description": "- Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] Slows down the risk from guard rotation and backports several important fixes from the Tor 0.2.5 alpha release series.\n\n - Major features :\n\n - Clients now look at the 'usecreatefast' consensus parameter to decide whether to use CREATE_FAST or CREATE cells for the first hop of their circuit. This approach can improve security on connections where Tor's circuit handshake is stronger than the available TLS connection security levels, but the tradeoff is more computational load on guard relays.\n\n - Make the number of entry guards configurable via a new NumEntryGuards consensus parameter, and the number of directory guards configurable via a new NumDirectoryGuards consensus parameter.\n\n - Major bugfixes :\n\n - Fix a bug in the bounds-checking in the 32-bit curve25519-donna implementation that caused incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys.\n\n - Minor bugfixes :\n\n - Warn and drop the circuit if we receive an inbound 'relay early' cell.\n\n - Correct a confusing error message when trying to extend a circuit via the control protocol but we don't know a descriptor or microdescriptor for one of the specified relays.\n\n - Avoid an illegal read from stack when initializing the TLS module using a version of OpenSSL without all of the ciphers used by the v2 link handshake.", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2014-492.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77136", "published": "2014-08-12T00:00:00", "title": "openSUSE Security Update : tor (openSUSE-SU-2014:0975-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-492.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77136);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-5117\");\n\n script_name(english:\"openSUSE Security Update : tor (openSUSE-SU-2014:0975-1)\");\n script_summary(english:\"Check for the openSUSE-2014-492 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] Slows down the\n risk from guard rotation and backports several important\n fixes from the Tor 0.2.5 alpha release series.\n\n - Major features :\n\n - Clients now look at the 'usecreatefast' consensus\n parameter to decide whether to use CREATE_FAST or CREATE\n cells for the first hop of their circuit. This approach\n can improve security on connections where Tor's circuit\n handshake is stronger than the available TLS connection\n security levels, but the tradeoff is more computational\n load on guard relays.\n\n - Make the number of entry guards configurable via a new\n NumEntryGuards consensus parameter, and the number of\n directory guards configurable via a new\n NumDirectoryGuards consensus parameter.\n\n - Major bugfixes :\n\n - Fix a bug in the bounds-checking in the 32-bit\n curve25519-donna implementation that caused incorrect\n results on 32-bit implementations when certain malformed\n inputs were used along with a small class of private\n ntor keys.\n\n - Minor bugfixes :\n\n - Warn and drop the circuit if we receive an inbound\n 'relay early' cell.\n\n - Correct a confusing error message when trying to extend\n a circuit via the control protocol but we don't know a\n descriptor or microdescriptor for one of the specified\n relays.\n\n - Avoid an illegal read from stack when initializing the\n TLS module using a version of OpenSSL without all of the\n ciphers used by the v2 link handshake.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=889688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-08/msg00006.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tor-0.2.4.23-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tor-debuginfo-0.2.4.23-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tor-debugsource-0.2.4.23-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tor-0.2.4.23-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tor-debuginfo-0.2.4.23-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tor-debugsource-0.2.4.23-5.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor / tor-debuginfo / tor-debugsource\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:37:42", "bulletinFamily": "scanner", "description": "This host is installed with Tor browser\n and is prone to information disclosure vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2014-10-14T00:00:00", "id": "OPENVAS:1361412562310804934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804934", "title": "Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Linux)", "type": "openvas", "sourceData": "#############################################################################/##\n# OpenVAS Vulnerability Test\n# $Id: gb_tor_info_disc_vuln_oct14_lin.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Linux)\n#\n# Authors:\n# Deepmala <kdeepmala@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:tor:tor\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804934\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-5117\");\n script_bugtraq_id(68968);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-14 10:45:19 +0530 (Tue, 14 Oct 2014)\");\n\n script_name(\"Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Tor browser\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaw exists due to an error\n in the handling of sequences of Relay and Relay Early commands.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to manipulate protocol headers and perform traffic confirmation attack.\");\n\n script_tag(name:\"affected\", value:\"Tor browser before 0.2.4.23 and 0.2.5\n before 0.2.5.6-alpha on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 0.2.4.23 or\n 0.2.5.6-alpha or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/95053\");\n script_xref(name:\"URL\", value:\"https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_tor_detect_lin.nasl\");\n script_mandatory_keys(\"Tor/Linux/Ver\");\n script_xref(name:\"URL\", value:\"https://www.torproject.org\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!torVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif((version_is_less(version:torVer, test_version:\"0.2.4.23\"))||\n (version_in_range(version:torVer, test_version:\"0.2.5\", test_version2:\"0.2.5.5\")))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:12", "bulletinFamily": "scanner", "description": "This host is installed with Tor browser\n and is prone to information disclosure vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2014-10-14T00:00:00", "id": "OPENVAS:1361412562310804933", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804933", "title": "Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Windows)", "type": "openvas", "sourceData": "#############################################################################/##\n# OpenVAS Vulnerability Test\n# $Id: gb_tor_info_disc_vuln_oct14_win.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Tor 'Relay Early' Traffic Confirmation Attack Vunerability Oct14 (Windows)\n#\n# Authors:\n# Deepmala <kdeepmala@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:tor:tor\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804933\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-5117\");\n script_bugtraq_id(68968);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-14 09:26:32 +0530 (Tue, 14 Oct 2014)\");\n\n script_name(\"Tor 'Relay Early' Traffic Confirmation Attack Vunerability oct14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Tor browser\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaw exists due to an error\n in the handling of sequences of Relay and Relay Early commands.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to manipulate protocol headers and perform traffic confirmation attack.\");\n\n script_tag(name:\"affected\", value:\"Tor browser before 0.2.4.23 and 0.2.5\n before 0.2.5.6-alpha on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 0.2.4.23 or\n 0.2.5.6-alpha or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/95053\");\n script_xref(name:\"URL\", value:\"https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_tor_detect_win.nasl\");\n script_mandatory_keys(\"Tor/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.torproject.org\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!torVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif((version_is_less(version:torVer, test_version:\"0.2.4.23\"))||\n (version_in_range(version:torVer, test_version:\"0.2.5\", test_version2:\"0.2.5.5\")))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-09-04T14:12:36", "bulletinFamily": "scanner", "description": "Several issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.\n\nRelay-early cells could be used by colluding relays on the network to\ntag user circuits and so deploy traffic confirmation attacks\n[CVE-2014-5117 \n]. The updated version emits a warning and drops the\ncircuit upon receiving inbound relay-early cells, preventing this\nspecific kind of attack. Please consult the following advisory for\nmore details about this issue:\n\nhttps://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack \nA bug in the bounds-checking in the 32-bit curve25519-donna\nimplementation could cause incorrect results on 32-bit\nimplementations when certain malformed inputs were used along with a\nsmall class of private ntor keys. This flaw does not currently\nappear to allow an attacker to learn private keys or impersonate a\nTor server, but it could provide a means to distinguish 32-bit Tor\nimplementations from 64-bit Tor implementations.\n\nThe following additional security-related improvements have been\nimplemented:\n\nAs a client, the new version will effectively stop using CREATE_FAST\ncells. While this adds computational load on the network, this\napproach can improve security on connections where Tor's circuit\nhandshake is stronger than the available TLS connection security\nlevels.\n\nPrepare clients to use fewer entry guards by honoring the consensus\nparameters. The following article provides some background:\n\nhttps://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters", "modified": "2017-08-23T00:00:00", "published": "2014-07-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702993", "id": "OPENVAS:702993", "title": "Debian Security Advisory DSA 2993-1 (tor - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2993.nasl 6995 2017-08-23 11:52:03Z teissa $\n# Auto-generated from advisory DSA 2993-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"tor on Debian Linux\";\ntag_insight = \"Tor is a connection-based low-latency anonymous communication system.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 0.2.4.23-1~deb7u1.\n\nFor the testing distribution (jessie) and the unstable distribution\n(sid), these problems have been fixed in version 0.2.4.23-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 0.2.5.6-alpha-1.\n\nWe recommend that you upgrade your tor packages.\";\ntag_summary = \"Several issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.\n\nRelay-early cells could be used by colluding relays on the network to\ntag user circuits and so deploy traffic confirmation attacks\n[CVE-2014-5117 \n]. The updated version emits a warning and drops the\ncircuit upon receiving inbound relay-early cells, preventing this\nspecific kind of attack. Please consult the following advisory for\nmore details about this issue:\n\nhttps://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack \nA bug in the bounds-checking in the 32-bit curve25519-donna\nimplementation could cause incorrect results on 32-bit\nimplementations when certain malformed inputs were used along with a\nsmall class of private ntor keys. This flaw does not currently\nappear to allow an attacker to learn private keys or impersonate a\nTor server, but it could provide a means to distinguish 32-bit Tor\nimplementations from 64-bit Tor implementations.\n\nThe following additional security-related improvements have been\nimplemented:\n\nAs a client, the new version will effectively stop using CREATE_FAST\ncells. While this adds computational load on the network, this\napproach can improve security on connections where Tor's circuit\nhandshake is stronger than the available TLS connection security\nlevels.\n\nPrepare clients to use fewer entry guards by honoring the consensus\nparameters. The following article provides some background:\n\nhttps://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702993);\n script_version(\"$Revision: 6995 $\");\n script_cve_id(\"CVE-2014-5117\");\n script_name(\"Debian Security Advisory DSA 2993-1 (tor - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-08-23 13:52:03 +0200 (Wed, 23 Aug 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-07-31 00:00:00 +0200 (Thu, 31 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2993.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-15T00:00:00", "id": "OPENVAS:1361412562310868087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868087", "title": "Fedora Update for tor FEDORA-2014-9073", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2014-9073\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868087\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-15 05:55:51 +0200 (Fri, 15 Aug 2014)\");\n script_cve_id(\"CVE-2014-5117\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for tor FEDORA-2014-9073\");\n script_tag(name:\"affected\", value:\"tor on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9073\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136524.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.4.23~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-15T00:00:00", "id": "OPENVAS:1361412562310868091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868091", "title": "Fedora Update for tor FEDORA-2014-9082", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2014-9082\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868091\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-15 05:56:02 +0200 (Fri, 15 Aug 2014)\");\n script_cve_id(\"CVE-2014-5117\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for tor FEDORA-2014-9082\");\n script_tag(name:\"affected\", value:\"tor on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9082\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136742.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.4.23~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:09", "bulletinFamily": "scanner", "description": "Several issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.\n\nRelay-early cells could be used by colluding relays on the network to\ntag user circuits and so deploy traffic confirmation attacks\n[CVE-2014-5117\n]. The updated version emits a warning and drops the\ncircuit upon receiving inbound relay-early cells, preventing this\nspecific kind of attack.\n\nA bug in the bounds-checking in the 32-bit curve25519-donna\nimplementation could cause incorrect results on 32-bit\nimplementations when certain malformed inputs were used along with a\nsmall class of private ntor keys. This flaw does not currently\nappear to allow an attacker to learn private keys or impersonate a\nTor server, but it could provide a means to distinguish 32-bit Tor\nimplementations from 64-bit Tor implementations.\n\nThe following additional security-related improvements have been\nimplemented:\n\nAs a client, the new version will effectively stop using CREATE_FAST\ncells. While this adds computational load on the network, this\napproach can improve security on connections where Tor", "modified": "2019-03-19T00:00:00", "published": "2014-07-31T00:00:00", "id": "OPENVAS:1361412562310702993", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702993", "title": "Debian Security Advisory DSA 2993-1 (tor - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2993.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2993-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702993\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-5117\");\n script_name(\"Debian Security Advisory DSA 2993-1 (tor - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-31 00:00:00 +0200 (Thu, 31 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2993.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"tor on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 0.2.4.23-1~deb7u1.\n\nFor the testing distribution (jessie) and the unstable distribution\n(sid), these problems have been fixed in version 0.2.4.23-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 0.2.5.6-alpha-1.\n\nWe recommend that you upgrade your tor packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.\n\nRelay-early cells could be used by colluding relays on the network to\ntag user circuits and so deploy traffic confirmation attacks\n[CVE-2014-5117\n]. The updated version emits a warning and drops the\ncircuit upon receiving inbound relay-early cells, preventing this\nspecific kind of attack.\n\nA bug in the bounds-checking in the 32-bit curve25519-donna\nimplementation could cause incorrect results on 32-bit\nimplementations when certain malformed inputs were used along with a\nsmall class of private ntor keys. This flaw does not currently\nappear to allow an attacker to learn private keys or impersonate a\nTor server, but it could provide a means to distinguish 32-bit Tor\nimplementations from 64-bit Tor implementations.\n\nThe following additional security-related improvements have been\nimplemented:\n\nAs a client, the new version will effectively stop using CREATE_FAST\ncells. While this adds computational load on the network, this\napproach can improve security on connections where Tor's circuit\nhandshake is stronger than the available TLS connection security\nlevels.\n\nPrepare clients to use fewer entry guards by honoring the consensus\nparameters.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.4.23-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-06T00:00:00", "id": "OPENVAS:1361412562310869167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869167", "title": "Fedora Update for tor FEDORA-2015-4478", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2015-4478\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869167\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-06 07:12:31 +0200 (Mon, 06 Apr 2015)\");\n script_cve_id(\"CVE-2014-5117\", \"CVE-2015-2688\", \"CVE-2015-2689\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tor FEDORA-2015-4478\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tor on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-4478\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154303.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.5.11~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-19T00:00:00", "id": "OPENVAS:1361412562310869244", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869244", "title": "Fedora Update for tor FEDORA-2015-5732", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2015-5732\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869244\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-19 06:53:53 +0200 (Sun, 19 Apr 2015)\");\n script_cve_id(\"CVE-2014-5117\", \"CVE-2015-2928\", \"CVE-2015-2929\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tor FEDORA-2015-5732\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tor on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5732\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154814.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.5.12~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:21:37", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2993-1 security@debian.org\nhttp://www.debian.org/security/ Peter Palfrader\nJuly 31, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tor\nCVE ID : CVE-2014-5117\n\nSeveral issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.\n\no Relay-early cells could be used by colluding relays on the network to\n tag user circuits and so deploy traffic confirmation attacks\n [CVE-2014-5117]. The updated version emits a warning and drops the\n circuit upon receiving inbound relay-early cells, preventing this\n specific kind of attack. Please consult the following advisory for\n more details about this issue:\n\n https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack\n\no A bug in the bounds-checking in the 32-bit curve25519-donna\n implementation could cause incorrect results on 32-bit\n implementations when certain malformed inputs were used along with a\n small class of private ntor keys. This flaw does not currently\n appear to allow an attacker to learn private keys or impersonate a\n Tor server, but it could provide a means to distinguish 32-bit Tor\n implementations from 64-bit Tor implementations.\n\nThe following additional security-related improvements have been\nimplemented:\n\no As a client, the new version will effectively stop using CREATE_FAST\n cells. While this adds computational load on the network, this\n approach can improve security on connections where Tor's circuit\n handshake is stronger than the available TLS connection security\n levels.\n\no Prepare clients to use fewer entry guards by honoring the consensus\n parameters. The following article provides some background:\n\n https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.2.4.23-1~deb7u1.\n\nFor the testing distribution (jessie) and the unstable distribution\n(sid), these problems have been fixed in version 0.2.4.23-1.\n\nFor the experimental distribution, these problems have been fixed in\nversion 0.2.5.6-alpha-1.\n\nWe recommend that you upgrade your tor packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-07-31T10:35:07", "published": "2014-07-31T10:35:07", "id": "DEBIAN:DSA-2993-1:44FB3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00175.html", "title": "[SECURITY] [DSA 2993-1] tor security update", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:26", "bulletinFamily": "unix", "description": "\nThe Tor Project reports:\n\nTor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a\n\t circuit after an inbound RELAY_EARLY cell is received by a client,\n\t which makes it easier for remote attackers to conduct\n\t traffic-confirmation attacks by using the pattern of RELAY and\n\t RELAY_EARLY cells as a means of communicating information about\n\t hidden service names.\n\n", "modified": "2014-07-30T00:00:00", "published": "2014-07-30T00:00:00", "id": "31C09848-1829-11E4-BF04-60A44C524F57", "href": "https://vuxml.freebsd.org/freebsd/31c09848-1829-11e4-bf04-60a44c524f57.html", "title": "tor -- traffic confirmation attack", "type": "freebsd", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "kitploit": [{"lastseen": "2019-06-26T13:23:32", "bulletinFamily": "tools", "description": "[  ](<https://3.bp.blogspot.com/-26-hahuqtcI/VA5r3yFRrfI/AAAAAAAADFQ/vBwNBAKtGpA/s1600/Tails.png>)\n\n \n\n\nTails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your ** privacy ** and ** anonymity ** , and helps you to: \n\n * ** use the Internet anonymously ** and ** circumvent censorship ** ; \n\nall connections to the Internet are forced to go through [ the Tor network ](<https://www.torproject.org/>) ; \n\n * ** leave no trace ** on the computer you are using unless you ask it explicitly; \n * ** use state-of-the-art cryptographic tools ** to encrypt your files, emails and instant messaging. \n\n \n** Changes **\n\nNotable user-visible changes include: \n\n * Security fixes \n\n * Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1 (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches). \n * Add an I2P boot parameter. Without adding \"i2p\" to the kernel command line, I2P will not be accessible for the Live user. I2P was also upgraded to 0.9.14.1-1~deb7u+1, and stricter firewall rules are applied to it, among other security enhancements. \n * Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117). \n * Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667 and CVE-2014-4943). \n * Prevent dhclient from sending the hostname over the network ( [ ticket #7688 ](<https://labs.riseup.net/code/issues/7688>) ). \n * Override the hostname provided by the DHCP server ( [ ticket #7769 ](<https://labs.riseup.net/code/issues/7769>) ). \n * Bugfixes \n\n * Don't ship OpenJDK 6: I2P prefers v7, and we don't need both ( [ ticket #7807 ](<https://labs.riseup.net/code/issues/7807>) ). \n * Prevent Tails Installer from updating the system partition properties on MBR partitions ( [ ticket #7716 ](<https://labs.riseup.net/code/issues/7716>) ). \n * Minor improvements \n\n * Upgrade to Torbutton 1.6.12.1. \n * Install gnome-user-guide ( [ ticket #7618 ](<https://labs.riseup.net/code/issues/7618>) ). \n * Install cups-pk-helper ( [ ticket #7636 ](<https://labs.riseup.net/code/issues/7636>) ). \n * Update the SquashFS sort file, which should speed up boot from DVD ( [ ticket #6372 ](<https://labs.riseup.net/code/issues/6372>) ). \n * Compress the SquashFS more aggressively ( [ ticket #7706 ](<https://labs.riseup.net/code/issues/7706>) ) which should make the Tails ISO image smaller. \n\nSee the [ online Changelog ](<https://git-tails.immerda.ch/tails/plain/debian/changelog>) for technical details. \n\n \n\n\n \n\n\n** [ Download Tails 1.1.1 ](<https://tails.boum.org/download/>) **\n", "modified": "2014-09-09T02:58:40", "published": "2014-09-09T02:58:40", "id": "KITPLOIT:5167596251841349275", "href": "http://www.kitploit.com/2014/09/tails-111-amnesic-incognito-live-system.html", "title": "Tails 1.1.1 - The Amnesic Incognito Live System", "type": "kitploit", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
