CVE-2009-0654

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-0654
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."

5.1 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://blog.torproject.org/blog/one-cell-enough
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu
http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf Exploit
http://blog.torproject.org/blog/one-cell-enough
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu
http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:tor:tor:*:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*
cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*
History

21 Nov 2024, 01:00

Type Values Removed Values Added
References () http://blog.torproject.org/blog/one-cell-enough - () http://blog.torproject.org/blog/one-cell-enough -
References () http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu - () http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu -
References () http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf - Exploit () http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf - Exploit
Information

Published : 2009-02-20 19:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-0654

Mitre link : CVE-2009-0654

CVE.ORG link : CVE-2009-0654

JSON object : View

Products Affected

tor

  • tor
CWE
NVD-CWE-Other