CVE-2009-0654
EUVD-2009-065720.02.2009, 19:30
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tor | tor | 𝑥 ≤ 0.2.0.34 |
| tor | tor | 0.2.0.1:alpha |
| tor | tor | 0.2.0.2:alpha |
| tor | tor | 0.2.0.3:alpha |
| tor | tor | 0.2.0.4:alpha |
| tor | tor | 0.2.0.5:alpha |
| tor | tor | 0.2.0.6:alpha |
| tor | tor | 0.2.0.7:alpha |
| tor | tor | 0.2.0.8:alpha |
| tor | tor | 0.2.0.9:alpha |
| tor | tor | 0.2.0.10:alpha |
| tor | tor | 0.2.0.11:alpha |
| tor | tor | 0.2.0.12:alpha |
| tor | tor | 0.2.0.13:alpha |
| tor | tor | 0.2.0.14:alpha |
| tor | tor | 0.2.0.15:alpha |
| tor | tor | 0.2.0.16:alpha |
| tor | tor | 0.2.0.17:alpha |
| tor | tor | 0.2.0.18:alpha |
| tor | tor | 0.2.0.19:alpha |
| tor | tor | 0.2.0.20:alpha |
| tor | tor | 0.2.0.21:alpha |
| tor | tor | 0.2.0.22:alpha |
| tor | tor | 0.2.0.23:alpha |
| tor | tor | 0.2.0.24:alpha |
| tor | tor | 0.2.0.25:alpha |
| tor | tor | 0.2.0.26:alpha |
| tor | tor | 0.2.0.27:alpha |
| tor | tor | 0.2.0.28:alpha |
| tor | tor | 0.2.0.29:alpha |
| tor | tor | 0.2.0.30:alpha |
| tor | tor | 0.2.0.31:alpha |
| tor | tor | 0.2.0.32:alpha |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References