CVE-2009-2426

EUVD-2009-2421
The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
tortor
0.1.0.1
tortor
0.1.0.2
tortor
0.1.0.3
tortor
0.1.0.4
tortor
0.1.0.5
tortor
0.1.0.6
tortor
0.1.0.7
tortor
0.1.0.8
tortor
0.1.0.9
tortor
0.1.0.10
tortor
0.1.0.11
tortor
0.1.0.12
tortor
0.1.0.13
tortor
0.1.0.14
tortor
0.1.0.15
tortor
0.1.0.16
tortor
0.1.0.17
tortor
0.1.0.18
tortor
0.1.0.19
tortor
0.1.1
tortor
0.1.1.1
tortor
0.1.1.1_alpha:_alpha
tortor
0.1.1.2
tortor
0.1.1.2_alpha:_alpha
tortor
0.1.1.3
tortor
0.1.1.3_alpha:_alpha
tortor
0.1.1.4
tortor
0.1.1.4_alpha:_alpha
tortor
0.1.1.5
tortor
0.1.1.5_alpha:_alpha
tortor
0.1.1.6
tortor
0.1.1.6_alpha:_alpha
tortor
0.1.1.7
tortor
0.1.1.7_alpha:_alpha
tortor
0.1.1.8
tortor
0.1.1.8_alpha:_alpha
tortor
0.1.1.9
tortor
0.1.1.9_alpha:_alpha
tortor
0.1.1.10
tortor
0.1.1.10_alpha:_alpha
tortor
0.1.1.11
tortor
0.1.1.12
tortor
0.1.1.13
tortor
0.1.1.14
tortor
0.1.1.15
tortor
0.1.1.16
tortor
0.1.1.17
tortor
0.1.1.18
tortor
0.1.1.19
tortor
0.1.1.20
tortor
0.1.1.21
tortor
0.1.1.22
tortor
0.1.1.23
tortor
0.1.1.25
tortor
0.1.1.26
tortor
0.1.2.1_alpha-cvs:_alpha
tortor
0.1.2.2
tortor
0.1.2.3:alpha
tortor
0.1.2.4
tortor
0.1.2.5
tortor
0.1.2.5:alpha
tortor
0.1.2.6:alpha
tortor
0.1.2.7:alpha
tortor
0.2.0.1:alpha
tortor
0.2.0.2:alpha
tortor
0.2.0.3:alpha
tortor
0.2.0.4:alpha
tortor
0.2.0.5:alpha
tortor
0.2.0.6:alpha
tortor
0.2.0.7:alpha
tortor
0.2.0.8:alpha
tortor
0.2.0.9:alpha
tortor
0.2.0.10:alpha
tortor
0.2.0.11:alpha
tortor
0.2.0.12:alpha
tortor
0.2.0.13:alpha
tortor
0.2.0.14:alpha
tortor
0.2.0.15:alpha
tortor
0.2.0.16:alpha
tortor
0.2.0.17:alpha
tortor
0.2.0.18:alpha
tortor
0.2.0.19:alpha
tortor
0.2.0.20:alpha
tortor
0.2.0.21:alpha
tortor
0.2.0.22:alpha
tortor
0.2.0.23:alpha
tortor
0.2.0.24:alpha
tortor
0.2.0.25:alpha
tortor
0.2.0.26:alpha
tortor
0.2.0.27:alpha
tortor
0.2.0.28:alpha
tortor
0.2.0.29:alpha
tortor
0.2.0.31:alpha
tortor
0.2.0.33
tortor
0.2.0.34:alpha
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tor
bookworm
0.4.7.16-1
fixed
bookworm (security)
0.4.7.16-1
fixed
bullseye
0.4.5.16-1
fixed
bullseye (security)
0.4.5.16-1
fixed
sid
0.4.8.13-2
fixed
trixie
0.4.8.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tor
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
not-affected
oneiric
not-affected
References
http://archives.seul.org/or/announce/Jun-2009/msg00000.html
http://secunia.com/advisories/35546
http://www.osvdb.org/55341
http://www.securityfocus.com/bid/35505
http://www.vupen.com/english/advisories/2009/1716
https://exchange.xforce.ibmcloud.com/vulnerabilities/51377
http://archives.seul.org/or/announce/Jun-2009/msg00000.html
http://secunia.com/advisories/35546
http://www.osvdb.org/55341
http://www.securityfocus.com/bid/35505
http://www.vupen.com/english/advisories/2009/1716
https://exchange.xforce.ibmcloud.com/vulnerabilities/51377