Replay Attack Vulnerability In Tor (Linux) Network Vulnerability

Summary

This host is installed with Tor Anonimity Proxy and is prone to replay attack vulnerability.

Impact

Successful exploitation will let the remote attacker cause replay attacks in the network and can compromise router functionalities. Impact level: Network

Solution

Upgrade to Tor version 0.2.1.25 or later, For updates refer to https://www.torproject.org/download-unix.html.en

Insight

Flaw is in the data flow at the end of the circuit which lets the attacker to modify the relayed data.

Affected

Tor version 0.2.0.34 and prior on Linux.

References

http://blog.torproject.org/blog/one-cell-enough
http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0654

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
Apple Mac OS X Denial of Service Vulnerability

Replay Attack Vulnerability in Tor (Linux)

Take action and discover your vulnerabilities