Summary
This host is installed with Tor and is prone to DNS Spoofing vulnerability.
Impact
Successful exploitation will allow attackers to conduct DNS spoofing attacks.
Impact level: Application
Solution
Upgrade to version 0.2.0.35 or 0.1.2.8-beta or later http://www.torproject.org/download.html.en
Insight
Error in 'connection_edge_process_relay_cell_not_open' function in 'relay.c' in src/or/ allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors.
Affected
Tor version 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta on Windows.
References
Severity
Classification
-
CVE CVE-2009-2426 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apple Safari libxml Denial of Service Vulnerability
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
- Apple Mac OS X Authentication Bypass Vulnerability