{"id": "GLSA-201301-03", "lastseen": "2016-09-06T19:46:37", "viewCount": 1, "bulletinFamily": "unix", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "edition": 1, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2016-09-06T19:46:37", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:865496", "OPENVAS:1361412562310865478", "OPENVAS:1361412562310865300", "OPENVAS:1361412562310865496", "OPENVAS:1361412562310121002", "OPENVAS:72177", "OPENVAS:865478", "OPENVAS:136141256231072177", "OPENVAS:865300"]}, {"type": "nessus", "idList": ["OPENSUSE-2012-660.NASL", "FEDORA_2013-3773.NASL", "OPENSUSE-2012-541.NASL", "FEDORA_2012-14650.NASL", "MANDRIVA_MDVSA-2013-132.NASL", "GENTOO_GLSA-201301-03.NASL", "OPENSUSE-2012-835.NASL", "FEDORA_2013-3434.NASL", "DEBIAN_DSA-2548.NASL", "FEDORA_2012-14638.NASL"]}, {"type": "cve", "idList": ["CVE-2012-4419", "CVE-2012-3519", "CVE-2012-5573", "CVE-2012-3517", "CVE-2012-3518", "CVE-2012-4922"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2548-1:74817"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28562", "SECURITYVULNS:VULN:12589"]}], "modified": "2016-09-06T19:46:37", "rev": 2}, "vulnersScore": 5.9}, "type": "gentoo", "affectedPackage": [{"arch": "all", "packageFilename": "UNKNOWN", "OSVersion": "any", "operator": "lt", "packageName": "net-misc/tor", "packageVersion": "0.2.3.25", "OS": "Gentoo"}], "description": "### Background\n\nTor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could cause a Denial of Service condition or obtain sensitive information. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Tor users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/tor-0.2.3.25\"", "title": "Tor: Multiple vulnerabilities", "cvelist": ["CVE-2012-5573", "CVE-2012-4922", "CVE-2012-3519", "CVE-2012-3517", "CVE-2012-3518", "CVE-2012-4419"], "published": "2013-01-08T00:00:00", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5573", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4922", "https://bugs.gentoo.org/show_bug.cgi?id=444804", "https://bugs.gentoo.org/show_bug.cgi?id=434882", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3517", "https://bugs.gentoo.org/show_bug.cgi?id=432188", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4419", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3519"], "reporter": "Gentoo Foundation", "modified": "2013-01-08T00:00:00", "href": "https://security.gentoo.org/glsa/201301-03", "immutableFields": []}
{"openvas": [{"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573", "CVE-2012-4922", "CVE-2012-3519", "CVE-2012-3517", "CVE-2012-3518", "CVE-2012-4419"], "description": "Gentoo Linux Local Security Checks GLSA 201301-03", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121002", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121002", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201301-03", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201301-03.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121002\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:25:34 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201301-03\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201301-03\");\n script_cve_id(\"CVE-2012-3517\", \"CVE-2012-3518\", \"CVE-2012-3519\", \"CVE-2012-4419\", \"CVE-2012-4922\", \"CVE-2012-5573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201301-03\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/tor\", unaffected: make_list(\"ge 0.2.3.25\"), vulnerable: 
make_list(\"lt 0.2.3.25\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3519", "CVE-2012-3518", "CVE-2012-4419"], "description": "The remote host is missing an update to tor\nannounced via advisory DSA 2548-1.", "modified": "2019-03-18T00:00:00", "published": "2012-09-15T00:00:00", "id": "OPENVAS:136141256231072177", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072177", "type": "openvas", "title": "Debian Security Advisory DSA 2548-1 (tor)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2548_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2548-1 (tor)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72177\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-3518\", \"CVE-2012-3519\", \"CVE-2012-4419\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-15 04:24:59 -0400 (Sat, 15 Sep 2012)\");\n script_name(\"Debian Security Advisory DSA 2548-1 (tor)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202548-1\");\n script_tag(name:\"insight\", value:\"Severel vulnerabilities have been discovered in Tor, an online privacy\ntool.\n\nCVE-2012-3518\n\nAvoid an uninitialised memory read when reading a vote or consensus\ndocument that has an unrecognized flavour name. 
This could lead to\na remote, resulting in denial of service.\n\nCVE-2012-3519\n\nTry to leak less information about what relays a client is choosing to\na side-channel attacker.\n\nCVE-2012-4419\n\nBy providing specially crafted date strings to a victim tor instance,\nan attacker can cause it to run into an assertion and shut down\n\nAdditionally the update to stable includes the following fixes:\n\n - - When waiting for a client to renegotiate, don't allow it to add any\nbytes to the input buffer. This fixes a potential DoS issue\n[tor-5934, tor-6007].\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.2.2.39-1.\n\nFor the unstable distribution, these problems have been fixed in version\n0.2.3.22-rc-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tor packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tor\nannounced via advisory DSA 2548-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.2.39-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.2.39-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.2.39-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:51:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3519", "CVE-2012-3518", "CVE-2012-4419"], "description": "The remote host is missing an update to tor\nannounced via advisory DSA 2548-1.", "modified": "2017-07-07T00:00:00", "published": "2012-09-15T00:00:00", "id": "OPENVAS:72177", 
"href": "http://plugins.openvas.org/nasl.php?oid=72177", "type": "openvas", "title": "Debian Security Advisory DSA 2548-1 (tor)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2548_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2548-1 (tor)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Severel vulnerabilities have been discovered in Tor, an online privacy\ntool.\n\nCVE-2012-3518\n\nAvoid an uninitialised memory read when reading a vote or consensus\ndocument that has an unrecognized flavour name. 
This could lead to\na remote, resulting in denial of service.\n\nCVE-2012-3519\n\nTry to leak less information about what relays a client is choosing to\na side-channel attacker.\n\nCVE-2012-4419\n\nBy providing specially crafted date strings to a victim tor instance,\nan attacker can cause it to run into an assertion and shut down\n\nAdditionally the update to stable includes the following fixes:\n- - When waiting for a client to renegotiate, don't allow it to add any\nbytes to the input buffer. This fixes a potential DoS issue\n[tor-5934, tor-6007].\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.2.2.39-1.\n\nFor the unstable distribution, these problems have been fixed in version\n0.2.3.22-rc-1.\n\nWe recommend that you upgrade your tor packages.\";\ntag_summary = \"The remote host is missing an update to tor\nannounced via advisory DSA 2548-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202548-1\";\n\nif(description)\n{\n script_id(72177);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-3518\", \"CVE-2012-3519\", \"CVE-2012-4419\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-15 04:24:59 -0400 (Sat, 15 Sep 2012)\");\n script_name(\"Debian Security Advisory DSA 2548-1 (tor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.2.39-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.2.39-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.2.39-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-22T13:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4922", "CVE-2012-4422", "CVE-2012-3517", "CVE-2012-4419"], "description": "Check for the Version of tor", "modified": "2018-01-22T00:00:00", "published": "2013-02-04T00:00:00", "id": "OPENVAS:865300", "href": "http://plugins.openvas.org/nasl.php?oid=865300", "type": "openvas", "title": "Fedora Update for tor FEDORA-2012-14650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2012-14650\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 
2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tor is a connection-based low-latency anonymous communication system.\n\n Applications connect to the local Tor proxy using the SOCKS protocol. The\n local proxy chooses a path through a set of relays, in which each relay\n knows its predecessor and successor, but no others. Traffic flowing down\n the circuit is unwrapped by a symmetric key at each relay, which reveals\n the downstream relay.\n\n Warnings: Tor does no protocol cleaning. That means there is a danger\n that application protocols and associated programs can be induced to\n reveal information about the initiator. Tor depends on Privoxy and\n similar protocol cleaners to solve this problem. This is alpha code,\n and is even more likely than released code to have anonymity-spoiling\n bugs. The present network is very small -- this further reduces the\n strength of the anonymity provided. 
Tor is not presently suitable for\n high-stakes anonymity.\";\n\n\ntag_affected = \"tor on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098157.html\");\n script_id(865300);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-04 09:52:54 +0530 (Mon, 04 Feb 2013)\");\n script_cve_id(\"CVE-2012-4419\", \"CVE-2012-4422\", \"CVE-2012-4922\", \"CVE-2012-3517\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-14650\");\n script_name(\"Fedora Update for tor FEDORA-2012-14650\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.2.39~1700.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4922", "CVE-2012-4422", "CVE-2012-3517", "CVE-2012-4419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-02-04T00:00:00", "id": "OPENVAS:1361412562310865300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865300", "type": "openvas", "title": "Fedora Update for tor FEDORA-2012-14650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2012-14650\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098157.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865300\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-04 09:52:54 +0530 (Mon, 04 Feb 2013)\");\n script_cve_id(\"CVE-2012-4419\", \"CVE-2012-4422\", \"CVE-2012-4922\", \"CVE-2012-3517\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-14650\");\n script_name(\"Fedora Update for tor FEDORA-2012-14650\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"tor on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release 
== \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.2.39~1700.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-02-06T13:10:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573", "CVE-2012-4422", "CVE-2012-4419"], "description": "Check for the Version of tor", "modified": "2018-02-05T00:00:00", "published": "2013-03-25T00:00:00", "id": "OPENVAS:865496", "href": "http://plugins.openvas.org/nasl.php?oid=865496", "type": "openvas", "title": "Fedora Update for tor FEDORA-2013-3773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2013-3773\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tor is a connection-based low-latency anonymous communication system.\n\n Applications connect to the local Tor proxy using the SOCKS protocol. 
The\n local proxy chooses a path through a set of relays, in which each relay\n knows its predecessor and successor, but no others. Traffic flowing down\n the circuit is unwrapped by a symmetric key at each relay, which reveals\n the downstream relay.\n\n Warnings: Tor does no protocol cleaning. That means there is a danger\n that application protocols and associated programs can be induced to\n reveal information about the initiator. Tor depends on Privoxy and\n similar protocol cleaners to solve this problem. This is alpha code,\n and is even more likely than released code to have anonymity-spoiling\n bugs. The present network is very small -- this further reduces the\n strength of the anonymity provided. Tor is not presently suitable for\n high-stakes anonymity.\";\n\n\ntag_affected = \"tor on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100940.html\");\n script_id(865496);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-25 11:02:45 +0530 (Mon, 25 Mar 2013)\");\n script_cve_id(\"CVE-2012-4419\", \"CVE-2012-4422\", \"CVE-2012-5573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-3773\");\n script_name(\"Fedora Update for tor FEDORA-2013-3773\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , 
value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.3.25~1702.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573", "CVE-2012-4422", "CVE-2012-4419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-25T00:00:00", "id": "OPENVAS:1361412562310865496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865496", "type": "openvas", "title": "Fedora Update for tor FEDORA-2013-3773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2013-3773\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100940.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865496\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-25 11:02:45 +0530 (Mon, 25 Mar 2013)\");\n script_cve_id(\"CVE-2012-4419\", \"CVE-2012-4422\", \"CVE-2012-5573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-3773\");\n script_name(\"Fedora Update for tor FEDORA-2013-3773\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"tor on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if 
((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.3.25~1702.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:52:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573"], "description": "Check for the Version of tor", "modified": "2017-07-10T00:00:00", "published": "2013-03-19T00:00:00", "id": "OPENVAS:865478", "href": "http://plugins.openvas.org/nasl.php?oid=865478", "type": "openvas", "title": "Fedora Update for tor FEDORA-2013-3434", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2013-3434\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tor is a connection-based low-latency anonymous communication system.\n\n Applications connect to the local Tor proxy using the SOCKS protocol. The\n local proxy chooses a path through a set of relays, in which each relay\n knows its predecessor and successor, but no others. 
Traffic flowing down\n the circuit is unwrapped by a symmetric key at each relay, which reveals\n the downstream relay.\n\n Warnings: Tor does no protocol cleaning. That means there is a danger\n that application protocols and associated programs can be induced to\n reveal information about the initiator. Tor depends on Privoxy and\n similar protocol cleaners to solve this problem. This is alpha code,\n and is even more likely than released code to have anonymity-spoiling\n bugs. The present network is very small -- this further reduces the\n strength of the anonymity provided. Tor is not presently suitable for\n high-stakes anonymity.\";\n\n\ntag_affected = \"tor on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100215.html\");\n script_id(865478);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-19 09:37:11 +0530 (Tue, 19 Mar 2013)\");\n script_cve_id(\"CVE-2012-5573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-3434\");\n script_name(\"Fedora Update for tor FEDORA-2013-3434\");\n\n script_summary(\"Check for the Version of tor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.3.25~1802.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-19T00:00:00", "id": "OPENVAS:1361412562310865478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865478", "type": "openvas", "title": "Fedora Update for tor FEDORA-2013-3434", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2013-3434\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100215.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865478\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-19 09:37:11 +0530 (Tue, 19 Mar 2013)\");\n script_cve_id(\"CVE-2012-5573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-3434\");\n script_name(\"Fedora Update for tor FEDORA-2013-3434\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"tor on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", 
rpm:\"tor~0.2.3.25~1802.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:54:32", "description": "The remote host is affected by the vulnerability described in GLSA-201301-03\n(Tor: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Tor. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could cause a Denial of Service condition or obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2013-01-09T00:00:00", "title": "GLSA-201301-03 : Tor: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573", "CVE-2012-4922", "CVE-2012-3519", "CVE-2012-3517", "CVE-2012-3518", "CVE-2012-4419"], "modified": "2013-01-09T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tor", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201301-03.NASL", "href": "https://www.tenable.com/plugins/nessus/63437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201301-03.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63437);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-3517\", \"CVE-2012-3518\", \"CVE-2012-3519\", \"CVE-2012-4419\", \"CVE-2012-4922\", \"CVE-2012-5573\");\n script_xref(name:\"GLSA\", value:\"201301-03\");\n\n script_name(english:\"GLSA-201301-03 : Tor: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201301-03\n(Tor: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Tor. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could cause a Denial of Service condition or obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201301-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Tor users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/tor-0.2.3.25'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2013/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/tor\", unaffected:make_list(\"ge 0.2.3.25\"), vulnerable:make_list(\"lt 0.2.3.25\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Tor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:54:08", "description": "Updated tor package fixes security vulnerabilities :\n\nTor before 0.2.2.34, when configured as a client or bridge, sends a\nTLS certificate chain as part of an outgoing OR connection, which\nallows remote relays to bypass intended anonymity properties by\nreading this chain and then determining the set of entry guards that\nthe client or bridge had selected (CVE-2011-2768).\n\nTor before 0.2.2.34, when configured as a bridge, accepts the CREATE\nand CREATE_FAST values in the Command field of a cell within an OR\nconnection that it initiated, which allows remote relays to enumerate\nbridges by using these values (CVE-2011-2769).\n\nUse-after-free vulnerability in dns.c in Tor 
before 0.2.2.38 might\nallow remote attackers to cause a denial of service (daemon crash) via\nvectors related to failed DNS requests (CVE-2012-3517).\n\nThe networkstatus_parse_vote_from_string function in routerparse.c in\nTor before 0.2.2.38 does not properly handle an invalid flavor name,\nwhich allows remote attackers to cause a denial of service\n(out-of-bounds read and daemon crash) via a crafted (1) vote document\nor (2) consensus document (CVE-2012-3518).\n\nrouterlist.c in Tor before 0.2.2.38 uses a different amount of time\nfor relay-list iteration depending on which relay is chosen, which\nmight allow remote attackers to obtain sensitive information about\nrelay selection via a timing side-channel attack (CVE-2012-3519).\n\nThe compare_tor_addr_to_addr_policy function in or/policies.c in Tor\nbefore 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote\nattackers to cause a denial of service (assertion failure and daemon\nexit) via a zero-valued port field that is not properly handled during\npolicy comparison (CVE-2012-4419).\n\nTor before 0.2.2.39, when waiting for a client to renegotiate, allowed\nit to add bytes to the input buffer, allowing a crash to be caused\nremotely (tor-5934, tor-6007).\n\nDenial of Service vulnerability in Tor before 0.2.3.25, due to an\nerror when handling SENDME cells and can be exploited to cause\nexcessive consumption of memory resources within an entry node\n(SA51329, CVE-2012-5573).\n\nThe version of Tor shipped in MBS1 did not have correctly formed\nsystemd unit and thus failed to start.\n\nThis updated version corrects this problem and restores working\nbehaviour.", "edition": 25, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : tor (MDVSA-2013:132)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573", "CVE-2012-3519", "CVE-2012-3517", "CVE-2011-2769", "CVE-2012-3518", "CVE-2012-4419", "CVE-2011-2768"], "modified": "2013-04-20T00:00:00", "cpe": 
["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:tor"], "id": "MANDRIVA_MDVSA-2013-132.NASL", "href": "https://www.tenable.com/plugins/nessus/66144", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:132. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66144);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2768\", \"CVE-2011-2769\", \"CVE-2012-3517\", \"CVE-2012-3518\", \"CVE-2012-3519\", \"CVE-2012-4419\", \"CVE-2012-5573\");\n script_bugtraq_id(50414, 55128, 55519, 56675);\n script_xref(name:\"MDVSA\", value:\"2013:132\");\n script_xref(name:\"MGASA\", value:\"2012-0276\");\n script_xref(name:\"MGASA\", value:\"2012-0356\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tor (MDVSA-2013:132)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tor package fixes security vulnerabilities :\n\nTor before 0.2.2.34, when configured as a client or bridge, sends a\nTLS certificate chain as part of an outgoing OR connection, which\nallows remote relays to bypass intended anonymity properties by\nreading this chain and then determining the set of entry guards that\nthe client or bridge had selected (CVE-2011-2768).\n\nTor before 0.2.2.34, when configured as a bridge, accepts the CREATE\nand CREATE_FAST values in the Command field of a cell within an OR\nconnection that it initiated, which allows remote relays to enumerate\nbridges by using these values 
(CVE-2011-2769).\n\nUse-after-free vulnerability in dns.c in Tor before 0.2.2.38 might\nallow remote attackers to cause a denial of service (daemon crash) via\nvectors related to failed DNS requests (CVE-2012-3517).\n\nThe networkstatus_parse_vote_from_string function in routerparse.c in\nTor before 0.2.2.38 does not properly handle an invalid flavor name,\nwhich allows remote attackers to cause a denial of service\n(out-of-bounds read and daemon crash) via a crafted (1) vote document\nor (2) consensus document (CVE-2012-3518).\n\nrouterlist.c in Tor before 0.2.2.38 uses a different amount of time\nfor relay-list iteration depending on which relay is chosen, which\nmight allow remote attackers to obtain sensitive information about\nrelay selection via a timing side-channel attack (CVE-2012-3519).\n\nThe compare_tor_addr_to_addr_policy function in or/policies.c in Tor\nbefore 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote\nattackers to cause a denial of service (assertion failure and daemon\nexit) via a zero-valued port field that is not properly handled during\npolicy comparison (CVE-2012-4419).\n\nTor before 0.2.2.39, when waiting for a client to renegotiate, allowed\nit to add bytes to the input buffer, allowing a crash to be caused\nremotely (tor-5934, tor-6007).\n\nDenial of Service vulnerability in Tor before 0.2.3.25, due to an\nerror when handling SENDME cells and can be exploited to cause\nexcessive consumption of memory resources within an entry node\n(SA51329, CVE-2012-5573).\n\nThe version of Tor shipped in MBS1 did not have correctly formed\nsystemd unit and thus failed to start.\n\nThis updated version corrects this problem and restores working\nbehaviour.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tor-0.2.2.39-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 
\"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T12:25:27", "description": "Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;\nfixes a remotely triggerable crash bug; and fixes a timing attack that\ncould in theory leak path information.", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tor (openSUSE-SU-2012:1068-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3519", "CVE-2012-3517", "CVE-2012-3518"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tor-debugsource", "p-cpe:/a:novell:opensuse:tor-debuginfo", "p-cpe:/a:novell:opensuse:tor", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-541.NASL", "href": "https://www.tenable.com/plugins/nessus/74733", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-541.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74733);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3517\", \"CVE-2012-3518\", \"CVE-2012-3519\");\n\n script_name(english:\"openSUSE Security Update : tor (openSUSE-SU-2012:1068-1)\");\n script_summary(english:\"Check for the openSUSE-2012-541 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;\nfixes a remotely triggerable crash bug; and fixes a timing attack that\ncould in theory leak path information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=776642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-0.2.2.38-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-debuginfo-0.2.2.38-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-debugsource-0.2.2.38-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:06", "description": ". .\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-02-04T00:00:00", "title": "Fedora 17 : tor-0.2.2.39-1700.fc17 (2012-14650)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4922", "CVE-2012-3517", "CVE-2012-4419"], "modified": "2013-02-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:tor"], "id": "FEDORA_2012-14650.NASL", "href": "https://www.tenable.com/plugins/nessus/64440", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-14650.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64440);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3517\", \"CVE-2012-4419\", \"CVE-2012-4922\");\n script_bugtraq_id(55128, 55519);\n script_xref(name:\"FEDORA\", value:\"2012-14650\");\n\n script_name(english:\"Fedora 17 : tor-0.2.2.39-1700.fc17 (2012-14650)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\". .\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=849949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=856988\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb32510d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"tor-0.2.2.39-1700.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:05", "description": ". . .\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-09-24T00:00:00", "title": "Fedora 18 : tor-0.2.2.39-1800.fc18 (2012-14638)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4922", "CVE-2012-3517", "CVE-2012-4419"], "modified": "2012-09-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:tor"], "id": "FEDORA_2012-14638.NASL", "href": "https://www.tenable.com/plugins/nessus/62234", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-14638.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62234);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3517\", \"CVE-2012-4419\", \"CVE-2012-4922\");\n script_bugtraq_id(55128);\n script_xref(name:\"FEDORA\", value:\"2012-14638\");\n\n script_name(english:\"Fedora 18 : tor-0.2.2.39-1800.fc18 (2012-14638)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\". . .\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=849949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=856988\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acfbb7d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"tor-0.2.2.39-1800.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:47:35", "description": "Several vulnerabilities have been discovered in Tor, an online privacy\ntool.\n\n - CVE-2012-3518\n Avoid an uninitialised memory read when reading a vote\n or consensus document that has an unrecognized flavour\n name. 
This could lead to a remote crash, resulting in\n denial of service.\n\n - CVE-2012-3519\n Try to leak less information about what relays a client\n is choosing to a side-channel attacker.\n\n - CVE-2012-4419\n By providing specially crafted date strings to a victim\n tor instance, an attacker can cause it to run into an\n assertion and shut down.\n\nAdditionally the update to stable includes the following fixes: when\nwaiting for a client to renegotiate, don't allow it to add any bytes\nto the input buffer. This fixes a potential DoS issue [ tor-5934,\ntor-6007].", "edition": 17, "published": "2012-09-14T00:00:00", "title": "Debian DSA-2548-1 : tor - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3519", "CVE-2012-3518", "CVE-2012-4419"], "modified": "2012-09-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:tor"], "id": "DEBIAN_DSA-2548.NASL", "href": "https://www.tenable.com/plugins/nessus/62086", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2548. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62086);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3518\", \"CVE-2012-3519\", \"CVE-2012-4419\");\n script_xref(name:\"DSA\", value:\"2548\");\n\n script_name(english:\"Debian DSA-2548-1 : tor - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Tor, an online privacy\ntool.\n\n - CVE-2012-3518\n Avoid an uninitialised memory read when reading a vote\n or consensus document that has an unrecognized flavour\n name. This could lead to a remote crash, resulting in\n denial of service.\n\n - CVE-2012-3519\n Try to leak less information about what relays a client\n is choosing to a side-channel attacker.\n\n - CVE-2012-4419\n By providing specially crafted date strings to a victim\n tor instance, an attacker can cause it to run into an\n assertion and shut down.\n\nAdditionally the update to stable includes the following fixes: when\nwaiting for a client to renegotiate, don't allow it to add any bytes\nto the input buffer. 
This fixes a potential DoS issue [ tor-5934,\ntor-6007].\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-4419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://trac.torproject.org/projects/tor/ticket/5934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://trac.torproject.org/projects/tor/ticket/6007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2548\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tor packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.2.2.39-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"tor\", reference:\"0.2.2.39-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tor-dbg\", reference:\"0.2.2.39-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tor-geoipdb\", reference:\"0.2.2.39-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:25:32", "description": " - update to 0.2.2.39 [bnc#780620] Changes in version\n 0.2.2.39 - 2012-09-11 Tor 0.2.2.39 fixes two more\n opportunities for remotely triggerable assertions. o\n Security fixes :\n\n - Fix an assertion failure in tor_timegm() that could be\n triggered by a badly formatted directory object\n (CVE-2012-4922).\n\n - Do not crash when comparing an address with port value 0\n to an address policy. 
This bug could have been used to\n cause a remote assertion failure by or against directory\n authorities, or to allow some applications to crash\n clients (CVE-2012-4419).", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tor (openSUSE-SU-2012:1278-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4922", "CVE-2012-4419"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tor-debugsource", "p-cpe:/a:novell:opensuse:tor-debuginfo", "p-cpe:/a:novell:opensuse:tor", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-660.NASL", "href": "https://www.tenable.com/plugins/nessus/74768", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-660.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74768);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4419\", \"CVE-2012-4922\");\n\n script_name(english:\"openSUSE Security Update : tor (openSUSE-SU-2012:1278-1)\");\n script_summary(english:\"Check for the openSUSE-2012-660 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 0.2.2.39 [bnc#780620] Changes in version\n 0.2.2.39 - 2012-09-11 Tor 0.2.2.39 fixes two more\n opportunities for remotely triggerable assertions. o\n Security fixes :\n\n - Fix an assertion failure in tor_timegm() that could be\n triggered by a badly formatted directory object\n (CVE-2012-4922).\n\n - Do not crash when comparing an address with port value 0\n to an address policy. 
This bug could have been used to\n cause a remote assertion failure by or against directory\n authorities, or to allow some applications to crash\n clients (CVE-2012-4419).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=780620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-0.2.2.39-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-debuginfo-0.2.2.39-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-debugsource-0.2.2.39-3.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor / tor-debuginfo / tor-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:45", "description": "Significant package cleanup, including :\n\n - remove dependency on fedora-usermgmt\n\n - merge tor-core, tor-systemd and torify into previously\n empty tor package\n\n - remove unnecessary /var/run/tor\n\n - disallow group read for /var/log/tor\n\n - use --defaults-torrc as recommended by upstream\n\n - increase LimitNOFILE in 
tor.service from 4096 to 32768\n\n - torify subpackage should depend on torsocks not tsocks\n (#908569) Fix outstanding security issues, plus\n package cleanup torify subpackage should depend on\n torsocks not tsocks\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-03-25T00:00:00", "title": "Fedora 17 : tor-0.2.3.25-1702.fc17 (2013-3773)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573"], "modified": "2013-03-25T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:tor"], "id": "FEDORA_2013-3773.NASL", "href": "https://www.tenable.com/plugins/nessus/65671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-3773.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65671);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5573\");\n script_xref(name:\"FEDORA\", value:\"2013-3773\");\n\n script_name(english:\"Fedora 17 : tor-0.2.3.25-1702.fc17 (2013-3773)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Significant package cleanup, including :\n\n - remove dependency on fedora-usermgmt\n\n - merge tor-core, tor-systemd and torify into previously\n empty tor package\n\n - remove unnecessary /var/run/tor\n\n - disallow group read for /var/log/tor\n\n - use --defaults-torrc as recommended 
by upstream\n\n - increase LimitNOFILE in tor.service from 4096 to 32768\n\n - torify subpackage should depend on torsocks not tsocks\n (#908569) Fix outstanding security issues, plus\n package cleanup torify subpackage should depend on\n torsocks not tsocks\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=880310\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100940.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19d872d6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"tor-0.2.3.25-1702.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:25:58", "description": " - Tear down the circuit when receiving an unexpected\n SENDME cell. 
Prevents circumvention of the network's\n flow control, exhaustion of network resources and\n possible denial-of-service attacks on entry nodes\n [bnc#791374] CVE-2012-5573, adding\n tor-0.2.2.39-SENDME-DOS.patch", "edition": 20, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tor (openSUSE-SU-2012:1624-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tor-debugsource", "p-cpe:/a:novell:opensuse:tor-debuginfo", "p-cpe:/a:novell:opensuse:tor", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-835.NASL", "href": "https://www.tenable.com/plugins/nessus/74828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-835.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74828);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5573\");\n\n script_name(english:\"openSUSE Security Update : tor (openSUSE-SU-2012:1624-1)\");\n script_summary(english:\"Check for the openSUSE-2012-835 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tear down the circuit when receiving an unexpected\n SENDME cell. 
Prevents circumvention of the network's\n flow control, exhaustion of network resources and\n possible denial-of-service attacks on entry nodes\n [bnc#791374] CVE-2012-5573, adding\n tor-0.2.2.39-SENDME-DOS.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-12/msg00018.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tor-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-0.2.2.39-3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-debuginfo-0.2.2.39-3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tor-debugsource-0.2.2.39-3.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor / tor-debuginfo / tor-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:44", "description": "Update for security and massive revamp of spec Fix outstanding\nsecurity issues, plus package cleanup torify subpackage should depend\non torsocks not tsocks\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-03-17T00:00:00", "title": "Fedora 18 : tor-0.2.3.25-1802.fc18 (2013-3434)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5573"], "modified": "2013-03-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:tor"], "id": "FEDORA_2013-3434.NASL", "href": "https://www.tenable.com/plugins/nessus/65591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-3434.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65591);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5573\");\n script_bugtraq_id(56675);\n script_xref(name:\"FEDORA\", value:\"2013-3434\");\n\n script_name(english:\"Fedora 18 : tor-0.2.3.25-1802.fc18 (2013-3434)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update for security and massive revamp of spec Fix outstanding\nsecurity issues, plus package cleanup torify subpackage should depend\non torsocks not tsocks\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=880310\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a9b0843\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"tor-0.2.3.25-1802.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2021-02-02T05:59:55", "description": "The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.", "edition": 6, "cvss3": {}, "published": "2012-09-14T18:55:00", 
"title": "CVE-2012-4922", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4922"], "modified": "2013-08-22T03:59:00", "cpe": ["cpe:/a:torproject:tor:0.0.7.2", "cpe:/a:torproject:tor:0.1.0.10", "cpe:/a:torproject:tor:0.0.9.10", "cpe:/a:torproject:tor:0.0.5", "cpe:/a:torproject:tor:0.2.2.20", "cpe:/a:torproject:tor:0.1.0.14", "cpe:/a:torproject:tor:0.1.0.13", "cpe:/a:torproject:tor:0.1.0.11", "cpe:/a:torproject:tor:0.2.2.23", "cpe:/a:torproject:tor:0.0.7.1", "cpe:/a:torproject:tor:0.1.2.16", "cpe:/a:torproject:tor:0.2.2.35", "cpe:/a:torproject:tor:0.1.2.13", "cpe:/a:torproject:tor:0.1.1.23", "cpe:/a:torproject:tor:0.0.9.4", "cpe:/a:torproject:tor:0.1.1.20", "cpe:/a:torproject:tor:0.1.2.15", "cpe:/a:torproject:tor:0.0.2", "cpe:/a:torproject:tor:0.2.0.31", "cpe:/a:torproject:tor:0.2.2.22", "cpe:/a:torproject:tor:0.2.0.34", "cpe:/a:torproject:tor:0.2.3", "cpe:/a:torproject:tor:0.0.8.1", "cpe:/a:torproject:tor:0.1.0.16", "cpe:/a:torproject:tor:0.1.1.24", "cpe:/a:torproject:tor:0.2.3.16", "cpe:/a:torproject:tor:0.2.3.19", "cpe:/a:torproject:tor:0.0.7.3", "cpe:/a:torproject:tor:0.1.2.17", "cpe:/a:torproject:tor:0.0.3", "cpe:/a:torproject:tor:0.2.3.21", "cpe:/a:torproject:tor:0.2.2.24", "cpe:/a:torproject:tor:0.2.2.38", "cpe:/a:torproject:tor:0.2.2.33", "cpe:/a:torproject:tor:0.2.2.28", "cpe:/a:torproject:tor:0.0.9.5", "cpe:/a:torproject:tor:0.2.2.32", "cpe:/a:torproject:tor:0.1.0.12", "cpe:/a:torproject:tor:0.2.2.29", "cpe:/a:torproject:tor:0.0.6", 
"cpe:/a:torproject:tor:0.2.0.32", "cpe:/a:torproject:tor:0.2.3.14", "cpe:/a:torproject:tor:0.1.2.14", "cpe:/a:torproject:tor:0.0.7", "cpe:/a:torproject:tor:0.2.2.25", "cpe:/a:torproject:tor:0.2.3.17", "cpe:/a:torproject:tor:0.2.2.19", "cpe:/a:torproject:tor:0.2.3.15", "cpe:/a:torproject:tor:0.1.0.17", "cpe:/a:torproject:tor:0.1.1.22", "cpe:/a:torproject:tor:0.2.2.27", "cpe:/a:torproject:tor:0.2.0.35", "cpe:/a:torproject:tor:0.1.1.25", "cpe:/a:torproject:tor:0.0.9.1", "cpe:/a:torproject:tor:0.2.3.20", "cpe:/a:torproject:tor:0.2.0.30", "cpe:/a:torproject:tor:0.2.3.18", "cpe:/a:torproject:tor:0.0.9.9", "cpe:/a:torproject:tor:0.1.0.15", "cpe:/a:torproject:tor:0.0.9.3", "cpe:/a:torproject:tor:0.2.2.21", "cpe:/a:torproject:tor:0.0.9.2", "cpe:/a:torproject:tor:0.2.2.31", "cpe:/a:torproject:tor:0.0.4", "cpe:/a:torproject:tor:0.2.2.26", "cpe:/a:torproject:tor:0.1.2.18", "cpe:/a:torproject:tor:0.0.6.1", "cpe:/a:torproject:tor:0.2.2.18", "cpe:/a:torproject:tor:0.2.2.36", "cpe:/a:torproject:tor:0.1.2.19", "cpe:/a:torproject:tor:0.2.0.33", "cpe:/a:torproject:tor:0.0.9.6", "cpe:/a:torproject:tor:0.0.9.7", "cpe:/a:torproject:tor:0.0.9.8", "cpe:/a:torproject:tor:0.2.2.30", "cpe:/a:torproject:tor:0.1.1.21", "cpe:/a:torproject:tor:0.2.3.13", "cpe:/a:torproject:tor:0.1.1.26", "cpe:/a:torproject:tor:0.2.2.34", "cpe:/a:torproject:tor:0.0.6.2", "cpe:/a:torproject:tor:0.2.2.37"], "id": "CVE-2012-4922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4922", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:torproject:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre24:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.21:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.21:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:torproject:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.20:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre27:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.35:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.36:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre13:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre17:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.24:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.29:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre18:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre25:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre23:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.18:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.17:beta:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.22:*:*:*:*:*:*:*", 
"cpe:2.3:a:torproject:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.37:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre15:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.25:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre19:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.32:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre21:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.38:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.33:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre20:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.28:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre16:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.34:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre22:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.20:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.27:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre26:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.19:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.23:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.30:*:*:*:*:*:*:*", 
"cpe:2.3:a:torproject:tor:0.0.2:pre14:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.26:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.19:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:51", "description": "The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.", "edition": 6, "cvss3": {}, "published": "2012-08-26T03:17:00", "title": "CVE-2012-3518", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3518"], "modified": "2013-08-22T03:56:00", "cpe": ["cpe:/a:tor:tor:0.2.2.37"], "id": "CVE-2012-3518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3518", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:tor:tor:0.2.2.37:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:51", "description": "Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via 
vectors related to failed DNS requests.", "edition": 6, "cvss3": {}, "published": "2012-08-26T03:17:00", "title": "CVE-2012-3517", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3517"], "modified": "2013-08-22T03:56:00", "cpe": ["cpe:/a:tor:tor:0.2.2.37"], "id": "CVE-2012-3517", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3517", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:tor:tor:0.2.2.37:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:54", "description": "The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.", "edition": 6, "cvss3": {}, "published": "2012-09-14T18:55:00", "title": "CVE-2012-4419", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4419"], "modified": 
"2013-08-22T03:58:00", "cpe": ["cpe:/a:torproject:tor:0.0.7.2", "cpe:/a:torproject:tor:0.1.0.10", "cpe:/a:torproject:tor:0.0.9.10", "cpe:/a:torproject:tor:0.0.5", "cpe:/a:torproject:tor:0.2.2.20", "cpe:/a:torproject:tor:0.1.0.14", "cpe:/a:torproject:tor:0.1.0.13", "cpe:/a:torproject:tor:0.1.0.11", "cpe:/a:torproject:tor:0.2.2.23", "cpe:/a:torproject:tor:0.0.7.1", "cpe:/a:torproject:tor:0.1.2.16", "cpe:/a:torproject:tor:0.2.2.35", "cpe:/a:torproject:tor:0.1.2.13", "cpe:/a:torproject:tor:0.1.1.23", "cpe:/a:torproject:tor:0.0.9.4", "cpe:/a:torproject:tor:0.1.1.20", "cpe:/a:torproject:tor:0.1.2.15", "cpe:/a:torproject:tor:0.0.2", "cpe:/a:torproject:tor:0.2.0.31", "cpe:/a:torproject:tor:0.2.2.22", "cpe:/a:torproject:tor:0.2.0.34", "cpe:/a:torproject:tor:0.2.3", "cpe:/a:torproject:tor:0.0.8.1", "cpe:/a:torproject:tor:0.1.0.16", "cpe:/a:torproject:tor:0.1.1.24", "cpe:/a:torproject:tor:0.2.3.16", "cpe:/a:torproject:tor:0.2.3.19", "cpe:/a:torproject:tor:0.0.7.3", "cpe:/a:torproject:tor:0.1.2.17", "cpe:/a:torproject:tor:0.0.3", "cpe:/a:torproject:tor:0.2.2.24", "cpe:/a:torproject:tor:0.2.2.38", "cpe:/a:torproject:tor:0.2.2.33", "cpe:/a:torproject:tor:0.2.2.28", "cpe:/a:torproject:tor:0.0.9.5", "cpe:/a:torproject:tor:0.2.2.32", "cpe:/a:torproject:tor:0.1.0.12", "cpe:/a:torproject:tor:0.2.2.29", "cpe:/a:torproject:tor:0.0.6", "cpe:/a:torproject:tor:0.2.0.32", "cpe:/a:torproject:tor:0.2.3.14", "cpe:/a:torproject:tor:0.1.2.14", "cpe:/a:torproject:tor:0.0.7", "cpe:/a:torproject:tor:0.2.2.25", "cpe:/a:torproject:tor:0.2.3.17", "cpe:/a:torproject:tor:0.2.2.19", "cpe:/a:torproject:tor:0.2.3.15", "cpe:/a:torproject:tor:0.1.0.17", "cpe:/a:torproject:tor:0.1.1.22", "cpe:/a:torproject:tor:0.2.2.27", "cpe:/a:torproject:tor:0.2.0.35", "cpe:/a:torproject:tor:0.1.1.25", "cpe:/a:torproject:tor:0.0.9.1", "cpe:/a:torproject:tor:0.2.3.20", "cpe:/a:torproject:tor:0.2.0.30", "cpe:/a:torproject:tor:0.2.3.18", "cpe:/a:torproject:tor:0.0.9.9", "cpe:/a:torproject:tor:0.1.0.15", 
"cpe:/a:torproject:tor:0.0.9.3", "cpe:/a:torproject:tor:0.2.2.21", "cpe:/a:torproject:tor:0.0.9.2", "cpe:/a:torproject:tor:0.2.2.31", "cpe:/a:torproject:tor:0.0.4", "cpe:/a:torproject:tor:0.2.2.26", "cpe:/a:torproject:tor:0.1.2.18", "cpe:/a:torproject:tor:0.0.6.1", "cpe:/a:torproject:tor:0.2.2.18", "cpe:/a:torproject:tor:0.2.2.36", "cpe:/a:torproject:tor:0.1.2.19", "cpe:/a:torproject:tor:0.2.0.33", "cpe:/a:torproject:tor:0.0.9.6", "cpe:/a:torproject:tor:0.0.9.7", "cpe:/a:torproject:tor:0.0.9.8", "cpe:/a:torproject:tor:0.2.2.30", "cpe:/a:torproject:tor:0.1.1.21", "cpe:/a:torproject:tor:0.2.3.13", "cpe:/a:torproject:tor:0.1.1.26", "cpe:/a:torproject:tor:0.2.2.34", "cpe:/a:torproject:tor:0.0.6.2", "cpe:/a:torproject:tor:0.2.2.37"], "id": "CVE-2012-4419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4419", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:torproject:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre24:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.21:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.20:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre27:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.35:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.36:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre13:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.30:*:*:*:*:*:*:*", 
"cpe:2.3:a:torproject:tor:0.0.2:pre17:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.24:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.29:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre18:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre25:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre23:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.18:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.17:beta:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.37:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre15:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.25:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre19:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.32:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre21:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.38:*:*:*:*:*:*:*", 
"cpe:2.3:a:torproject:tor:0.2.2.33:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre20:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.28:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre16:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.34:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre22:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.20:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.27:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre26:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.19:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.23:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre14:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.26:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.19:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:51", "description": "routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote 
attackers to obtain sensitive information about relay selection via a timing side-channel attack.", "edition": 6, "cvss3": {}, "published": "2012-08-26T03:17:00", "title": "CVE-2012-3519", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3519"], "modified": "2013-08-22T03:56:00", "cpe": ["cpe:/a:tor:tor:0.2.2.37"], "id": "CVE-2012-3519", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3519", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:tor:tor:0.2.2.37:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:56", "description": "The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command.", "edition": 6, "cvss3": {}, "published": "2013-01-01T12:35:00", "title": "CVE-2012-5573", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5573"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/a:torproject:tor:0.0.7.2", "cpe:/a:torproject:tor:0.2.3.22", "cpe:/a:torproject:tor:0.1.0.10", "cpe:/a:torproject:tor:0.0.9.10", "cpe:/a:torproject:tor:0.0.5", "cpe:/a:torproject:tor:0.2.2.20", "cpe:/a:torproject:tor:0.1.0.14", "cpe:/a:torproject:tor:0.1.0.13", "cpe:/a:torproject:tor:0.1.0.11", "cpe:/a:torproject:tor:0.2.2.23", "cpe:/a:torproject:tor:0.0.7.1", "cpe:/a:torproject:tor:0.1.2.16", "cpe:/a:torproject:tor:0.2.2.35", "cpe:/a:torproject:tor:0.1.2.13", "cpe:/a:torproject:tor:0.1.1.23", "cpe:/a:torproject:tor:0.0.9.4", "cpe:/a:torproject:tor:0.1.1.20", "cpe:/a:torproject:tor:0.1.2.15", "cpe:/a:torproject:tor:0.0.2", "cpe:/a:torproject:tor:0.2.0.31", "cpe:/a:torproject:tor:0.2.2.22", "cpe:/a:torproject:tor:0.2.0.34", "cpe:/a:torproject:tor:0.2.3", "cpe:/a:torproject:tor:0.0.8.1", "cpe:/a:torproject:tor:0.1.0.16", "cpe:/a:torproject:tor:0.1.1.24", "cpe:/a:torproject:tor:0.2.3.16", "cpe:/a:torproject:tor:0.2.3.19", "cpe:/a:torproject:tor:0.0.7.3", "cpe:/a:torproject:tor:0.1.2.17", "cpe:/a:torproject:tor:0.0.3", "cpe:/a:torproject:tor:0.2.3.21", "cpe:/a:torproject:tor:0.2.2.24", "cpe:/a:torproject:tor:0.2.3.24", "cpe:/a:torproject:tor:0.2.2.38", "cpe:/a:torproject:tor:0.2.2.33", "cpe:/a:torproject:tor:0.2.2.28", "cpe:/a:torproject:tor:0.0.9.5", "cpe:/a:torproject:tor:0.2.2.32", "cpe:/a:torproject:tor:0.2.3.23", "cpe:/a:torproject:tor:0.1.0.12", "cpe:/a:torproject:tor:0.2.2.29", "cpe:/a:torproject:tor:0.0.6", "cpe:/a:torproject:tor:0.2.0.32", "cpe:/a:torproject:tor:0.2.3.14", "cpe:/a:torproject:tor:0.1.2.14", "cpe:/a:torproject:tor:0.0.7", "cpe:/a:torproject:tor:0.2.2.25", "cpe:/a:torproject:tor:0.2.3.17", "cpe:/a:torproject:tor:0.2.2.19", "cpe:/a:torproject:tor:0.2.3.15", "cpe:/a:torproject:tor:0.1.0.17", "cpe:/a:torproject:tor:0.1.1.22", "cpe:/a:torproject:tor:0.2.2.27", "cpe:/a:torproject:tor:0.2.0.35", 
"cpe:/a:torproject:tor:0.1.1.25", "cpe:/a:torproject:tor:0.0.9.1", "cpe:/a:torproject:tor:0.2.3.20", "cpe:/a:torproject:tor:0.2.0.30", "cpe:/a:torproject:tor:0.2.3.18", "cpe:/a:torproject:tor:0.0.9.9", "cpe:/a:torproject:tor:0.1.0.15", "cpe:/a:torproject:tor:0.0.9.3", "cpe:/a:torproject:tor:0.2.2.21", "cpe:/a:torproject:tor:0.0.9.2", "cpe:/a:torproject:tor:0.2.2.31", "cpe:/a:torproject:tor:0.0.4", "cpe:/a:torproject:tor:0.2.2.26", "cpe:/a:torproject:tor:0.1.2.18", "cpe:/a:torproject:tor:0.0.6.1", "cpe:/a:torproject:tor:0.2.2.18", "cpe:/a:torproject:tor:0.2.2.36", "cpe:/a:torproject:tor:0.1.2.19", "cpe:/a:torproject:tor:0.2.0.33", "cpe:/a:torproject:tor:0.0.9.6", "cpe:/a:torproject:tor:0.0.9.7", "cpe:/a:torproject:tor:0.0.9.8", "cpe:/a:torproject:tor:0.2.2.30", "cpe:/a:torproject:tor:0.1.1.21", "cpe:/a:torproject:tor:0.2.3.13", "cpe:/a:torproject:tor:0.1.1.26", "cpe:/a:torproject:tor:0.2.2.34", "cpe:/a:torproject:tor:0.0.6.2", "cpe:/a:torproject:tor:0.2.2.37"], "id": "CVE-2012-5573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5573", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:torproject:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre24:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.21:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.21:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.20:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.24:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:torproject:tor:0.2.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre27:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.35:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.36:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre13:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.23:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre17:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.24:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.29:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre18:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre25:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre23:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.18:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.17:beta:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.37:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.24:*:*:*:*:*:*:*", 
"cpe:2.3:a:torproject:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre15:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.25:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre19:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.32:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre21:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.38:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.33:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre20:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.28:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre16:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.34:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre22:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.20:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.27:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre26:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.22:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.19:rc:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.23:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.2:pre14:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.3.15:alpha:*:*:*:*:*:*", 
"cpe:2.3:a:torproject:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.2.26:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.1.2.19:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3517", "CVE-2012-4419", "CVE-2012-4922"], "description": "Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay. Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity. ", "modified": "2012-09-24T03:21:27", "published": "2012-09-24T03:21:27", "id": "FEDORA:7023C2252C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: tor-0.2.2.39-1800.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3517", "CVE-2012-4419", "CVE-2012-4422", "CVE-2012-4922"], "description": "Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. 
Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay. Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity. ", "modified": "2013-02-03T13:38:51", "published": "2013-02-03T13:38:51", "id": "FEDORA:8B0A9219B0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: tor-0.2.2.39-1700.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4419", "CVE-2012-4422", "CVE-2012-5573"], "description": "Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay. Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity. 
", "modified": "2013-03-24T22:52:10", "published": "2013-03-24T22:52:10", "id": "FEDORA:0D73720EAA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: tor-0.2.3.25-1702.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5573"], "description": "Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay. Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity. 
", "modified": "2013-03-16T01:39:42", "published": "2013-03-16T01:39:42", "id": "FEDORA:5491E224B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: tor-0.2.3.25-1802.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-3519", "CVE-2012-3518", "CVE-2012-4419"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2548-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nSeptember 13, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : tor\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-3518 CVE-2012-3519 CVE-2012-4419\r\n\r\nSeverel vulnerabilities have been discovered in Tor, an online privacy \r\ntool.\r\n\r\nCVE-2012-3518\r\n\r\n Avoid an uninitialised memory read when reading a vote or consensus\r\n document that has an unrecognized flavour name. This could lead to\r\n a remote, resulting in denial of service.\r\n\r\nCVE-2012-3519\r\n\r\n Try to leak less information about what relays a client is choosing to\r\n a side-channel attacker.\r\n\r\nCVE-2012-4419\r\n\r\n By providing specially crafted date strings to a victim tor instance, \r\n an attacker can cause it to run into an assertion and shut down\r\n\r\nAdditionally the update to stable includes the following fixes:\r\n- - When waiting for a client to renegotiate, don't allow it to add any\r\n bytes to the input buffer. 
This fixes a potential DoS issue\r\n [tor-5934, tor-6007].\r\n\r\nFor the stable distribution (squeeze), these problems have been fixed in\r\nversion 0.2.2.39-1.\r\n\r\nFor the unstable distribution, these problems have been fixed in version\r\n0.2.3.22-rc-1.\r\n\r\nWe recommend that you upgrade your tor packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAlBSMjQACgkQXm3vHE4uylq6wgCggMNGWPFQe8JxitNIDSJ7rxS9\r\n87MAn0Z3TVgrowBSSb7iouq9E3Ty9ozG\r\n=zQL+\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-09-18T00:00:00", "published": "2012-09-18T00:00:00", "id": "SECURITYVULNS:DOC:28562", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28562", "title": "[SECURITY] [DSA 2548-1] tor security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-3519", "CVE-2012-3518", "CVE-2012-4419"], "description": "DoS conditions, information leakage.", "edition": 1, "modified": "2012-09-18T00:00:00", "published": "2012-09-18T00:00:00", "id": "SECURITYVULNS:VULN:12589", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12589", "title": "tor security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:14:37", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3519", "CVE-2012-3518", "CVE-2012-4419"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2548-1 security@debian.org\nhttp://www.debian.org/security/ 
Moritz Muehlenhoff\nSeptember 13, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tor\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3518 CVE-2012-3519 CVE-2012-4419\n\nSeveral vulnerabilities have been discovered in Tor, an online privacy \ntool.\n\nCVE-2012-3518\n\n Avoid an uninitialised memory read when reading a vote or consensus\n document that has an unrecognized flavour name. This could lead to\n a remote, resulting in denial of service.\n\nCVE-2012-3519\n\n Try to leak less information about what relays a client is choosing to\n a side-channel attacker.\n\nCVE-2012-4419\n\n By providing specially crafted date strings to a victim tor instance, \n an attacker can cause it to run into an assertion and shut down\n\nAdditionally the update to stable includes the following fixes:\n- - When waiting for a client to renegotiate, don't allow it to add any\n bytes to the input buffer. This fixes a potential DoS issue\n [tor-5934, tor-6007].\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.2.2.39-1.\n\nFor the unstable distribution, these problems have been fixed in version\n0.2.3.22-rc-1.\n\nWe recommend that you upgrade your tor packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-09-13T19:23:35", "published": "2012-09-13T19:23:35", "id": "DEBIAN:DSA-2548-1:74817", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00190.html", "title": "[SECURITY] [DSA 2548-1] tor security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}