Tor 'relay.c' DNS Spoofing Vulnerability - July09 (Win) Network Vulnerability

Summary

This host is installed with Tor and is prone to DNS Spoofing vulnerability.

Impact

Successful exploitation will allow attackers to conduct DNS spoofing attacks. Impact level: Application

Solution

Upgrade to version 0.2.0.35 or 0.1.2.8-beta or later http://www.torproject.org/download.html.en

Insight

Error in 'connection_edge_process_relay_cell_not_open' function in 'relay.c' in src/or/ allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors.

Affected

Tor version 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta on Windows.

References

http://archives.seul.org/or/announce/Jun-2009/msg00000.html
http://secunia.com/advisories/35546
http://xforce.iss.net/xforce/xfdb/51377

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2426

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Mac OS X)
Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Apple Safari WebKit Information Disclosure Vulnerability (Windows)
Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)

Take action and discover your vulnerabilities