Summary
This host is installed with Tor and is prone to DNS Spoofing vulnerability.
Impact
Successful exploitation will allow attackers to conduct DNS spoofing attacks.
Impact level: Application
Solution
Upgrade to version 0.2.0.35 or 0.1.2.8-beta or later http://www.torproject.org/download.html.en
Insight
Error in 'connection_edge_process_relay_cell_not_open' function in 'relay.c' in src/or/ allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors.
Affected
Tor version 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta on Linux.
References
Severity
Classification
-
CVE CVE-2009-2426 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Windows)
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Mac OS X)
- Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
- Apache Tomcat Default Accounts