Lucene search
Copyright (C) 2010 Greenbone AGOPENVAS:1361412562310902103HistoryJan 28, 2010 - 12:00 a.m.
Tor Clients Information Disclosure Vulnerability - Linux
2010-01-2800:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
11
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
Tor is prone to an information disclosure vulnerability.
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.902103");
script_version("2024-02-15T05:05:39+0000");
script_tag(name:"last_modification", value:"2024-02-15 05:05:39 +0000 (Thu, 15 Feb 2024)");
script_tag(name:"creation_date", value:"2010-01-28 16:24:05 +0100 (Thu, 28 Jan 2010)");
script_tag(name:"cvss_base", value:"2.1");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_cve_id("CVE-2010-0384");
script_name("Tor Clients Information Disclosure Vulnerability - Linux");
script_xref(name:"URL", value:"http://secunia.com/advisories/38198");
script_xref(name:"URL", value:"http://archives.seul.org/or/announce/Jan-2010/msg00000.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 Greenbone AG");
script_family("General");
script_dependencies("secpod_tor_detect_lin.nasl");
script_mandatory_keys("Tor/Linux/Ver");
script_tag(name:"affected", value:"Tor version 0.2.2.x before 0.2.2.7-alpha on Linux.");
script_tag(name:"insight", value:"The issue is due to directory mirror which does not prevent logging of the
client IP address upon detection of erroneous client behavior, which might make
it easier for local users to discover the identities of clients by reading log files.");
script_tag(name:"solution", value:"Upgrade to version 0.2.2.7-alpha.");
script_tag(name:"summary", value:"Tor is prone to an information disclosure vulnerability.");
script_tag(name:"impact", value:"Successful exploitation will allow attackers to obtain client IP information
that can help them launch further attacks.");
script_tag(name:"qod_type", value:"executable_version");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
torVer = get_kb_item("Tor/Linux/Ver");
if(!torVer){
exit(0);
}
torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
if(torVer =~ "^0\.2\.2\."){
if(version_is_less(version:torVer, test_version:"0.2.2.7.alpha")){
report = report_fixed_ver(installed_version:torVer, fixed_version:"0.2.2.7.alpha");
security_message(port: 0, data: report);
exit(0);
}
}
Related
prion
prion
Design/Logic Flaw
2010-01-25 19:30:00
openvas
openvas
Tor Clients Information Disclosure Vulnerability (win)
2010-01-28 00:00:00
Tor Clients Information Disclosure Vulnerability (Linux)
2010-01-28 00:00:00
Tor Clients Information Disclosure Vulnerability (win)
2010-01-28 00:00:00
nvd
nvd
CVE-2010-0384
2010-01-25 19:30:01
ubuntucve
ubuntucve
CVE-2010-0384
2010-01-25 00:00:00
debiancve
debiancve
CVE-2010-0384
2010-01-25 19:30:01
seebug
seebug
Torζ₯εΏζδ»ΆδΏ‘ζ―ζ³ι²ζΌζ΄
2010-01-27 00:00:00
cve
cve
CVE-2010-0384
2010-01-25 19:30:01
cvelist
cvelist
CVE-2010-0384
2010-01-25 19:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
Related for OPENVAS:1361412562310902103