CVE-2009-2426

The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
tortor
0.1.0.1
tortor
0.1.0.2
tortor
0.1.0.3
tortor
0.1.0.4
tortor
0.1.0.5
tortor
0.1.0.6
tortor
0.1.0.7
tortor
0.1.0.8
tortor
0.1.0.9
tortor
0.1.0.10
tortor
0.1.0.11
tortor
0.1.0.12
tortor
0.1.0.13
tortor
0.1.0.14
tortor
0.1.0.15
tortor
0.1.0.16
tortor
0.1.0.17
tortor
0.1.0.18
tortor
0.1.0.19
tortor
0.1.1
tortor
0.1.1.1
tortor
0.1.1.1_alpha:_alpha
tortor
0.1.1.2
tortor
0.1.1.2_alpha:_alpha
tortor
0.1.1.3
tortor
0.1.1.3_alpha:_alpha
tortor
0.1.1.4
tortor
0.1.1.4_alpha:_alpha
tortor
0.1.1.5
tortor
0.1.1.5_alpha:_alpha
tortor
0.1.1.6
tortor
0.1.1.6_alpha:_alpha
tortor
0.1.1.7
tortor
0.1.1.7_alpha:_alpha
tortor
0.1.1.8
tortor
0.1.1.8_alpha:_alpha
tortor
0.1.1.9
tortor
0.1.1.9_alpha:_alpha
tortor
0.1.1.10
tortor
0.1.1.10_alpha:_alpha
tortor
0.1.1.11
tortor
0.1.1.12
tortor
0.1.1.13
tortor
0.1.1.14
tortor
0.1.1.15
tortor
0.1.1.16
tortor
0.1.1.17
tortor
0.1.1.18
tortor
0.1.1.19
tortor
0.1.1.20
tortor
0.1.1.21
tortor
0.1.1.22
tortor
0.1.1.23
tortor
0.1.1.25
tortor
0.1.1.26
tortor
0.1.2.1_alpha-cvs:_alpha
tortor
0.1.2.2
tortor
0.1.2.3:alpha
tortor
0.1.2.4
tortor
0.1.2.5
tortor
0.1.2.5:alpha
tortor
0.1.2.6:alpha
tortor
0.1.2.7:alpha
tortor
0.2.0.1:alpha
tortor
0.2.0.2:alpha
tortor
0.2.0.3:alpha
tortor
0.2.0.4:alpha
tortor
0.2.0.5:alpha
tortor
0.2.0.6:alpha
tortor
0.2.0.7:alpha
tortor
0.2.0.8:alpha
tortor
0.2.0.9:alpha
tortor
0.2.0.10:alpha
tortor
0.2.0.11:alpha
tortor
0.2.0.12:alpha
tortor
0.2.0.13:alpha
tortor
0.2.0.14:alpha
tortor
0.2.0.15:alpha
tortor
0.2.0.16:alpha
tortor
0.2.0.17:alpha
tortor
0.2.0.18:alpha
tortor
0.2.0.19:alpha
tortor
0.2.0.20:alpha
tortor
0.2.0.21:alpha
tortor
0.2.0.22:alpha
tortor
0.2.0.23:alpha
tortor
0.2.0.24:alpha
tortor
0.2.0.25:alpha
tortor
0.2.0.26:alpha
tortor
0.2.0.27:alpha
tortor
0.2.0.28:alpha
tortor
0.2.0.29:alpha
tortor
0.2.0.31:alpha
tortor
0.2.0.33
tortor
0.2.0.34:alpha
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tor
bullseye (security)
0.4.5.16-1
fixed
bullseye
0.4.5.16-1
fixed
bookworm
0.4.7.16-1
fixed
bookworm (security)
0.4.7.16-1
fixed
sid
0.4.8.13-2
fixed
trixie
0.4.8.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tor
oneiric
not-affected
natty
not-affected
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
ignored
hardy
ignored
dapper
ignored
References
http://archives.seul.org/or/announce/Jun-2009/msg00000.html
http://secunia.com/advisories/35546
http://www.osvdb.org/55341
http://www.securityfocus.com/bid/35505
http://www.vupen.com/english/advisories/2009/1716
https://exchange.xforce.ibmcloud.com/vulnerabilities/51377
http://archives.seul.org/or/announce/Jun-2009/msg00000.html
http://secunia.com/advisories/35546
http://www.osvdb.org/55341
http://www.securityfocus.com/bid/35505
http://www.vupen.com/english/advisories/2009/1716
https://exchange.xforce.ibmcloud.com/vulnerabilities/51377