43 matches found
tor user deanonymizing
User deanonimization via Relay-early cells...
CVE-2014-5117
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAYEARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAYEARLY cells as a means of communicating...
CVE-2012-2249
Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service assertion failure and daemon exit via a renegotiation attempt that occurs after the initiation of the V3 link protocol...
CVE-2012-5573
The connectionedgeprocessrelaycell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service memory consumption or excessive cell reception rate or bypass intended flow-control...
CVE-2012-3517
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service daemon crash via vectors related to failed DNS requests...
CVE-2012-3519
routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack...
CVE-2011-4896
Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port...
CVE-2011-4894
Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections...
CVE-2011-2768
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had...
CVE-2011-0491
The torrealloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service daemon crash via unspecified vectors, related to "underflow errors."...
CVE-2009-2425
Tor before 0.2.0.35 allows remote attackers to cause a denial of service application crash via a malformed router descriptor...
CVE-2009-0939
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0...
CVE-2009-0937
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors...
DEBIAN-CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
CVE-2007-4098
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams...
CVE-2007-4099
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks...
CVE-2006-3412
Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers...
CVE-2006-3415
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle MITM attack via unspecified vectors...
CVE-2006-3418
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications...
CVE-2006-3414
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution...