Replay Attack Vulnerability In Tor (Linux) Network Vulnerability

Summary

This host is installed with Tor Anonimity Proxy and is prone to replay attack vulnerability.

Impact

Successful exploitation will let the remote attacker cause replay attacks in the network and can compromise router functionalities. Impact level: Network

Solution

Upgrade to Tor version 0.2.1.25 or later, For updates refer to https://www.torproject.org/download-unix.html.en

Insight

Flaw is in the data flow at the end of the circuit which lets the attacker to modify the relayed data.

Affected

Tor version 0.2.0.34 and prior on Linux.

References

http://blog.torproject.org/blog/one-cell-enough
http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0654

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Remote Code Execution Vulnerability - Sep14
Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)
Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Linux)
Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
Aardvark Topsites Multiple Vulnerabilities

Replay Attack Vulnerability in Tor (Linux)

Take action and discover your vulnerabilities