Tor Clients Information Disclosure Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with Tor and is prone to Information Disclosure vulnerability.

Impact

Successful exploitation will allow attackers to obtain client IP information that can help them launch further attacks. Impact level: Application

Solution

Upgrade to version 0.2.2.7-alpha http://www.torproject.org/download.html.en

Insight

The issue is due to directory mirror which does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients by reading log files.

Affected

Tor version 0.2.2.x before 0.2.2.7-alpha on Linux.

References

http://archives.seul.org/or/announce/Jan-2010/msg00000.html
http://secunia.com/advisories/38198

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0384
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Firewall Builder Privilege Escalation Vulnerability (Linux)
BlackBerry Desktop Software Information Disclosure Vulnerability
Apple Safari Information Disclosure Vulnerability Dec13 (Mac OS X)
Amanda Index Server version
Create System Characteristics

Take action and discover your vulnerabilities