CVE-2017-0377

Sažetak

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

Reference

https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
https://security-tracker.debian.org/CVE-2017-0377
https://trac.torproject.org/projects/tor/ticket/22753

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

14-07-2017 - 14:21

Objavljeno

02-07-2017 - 15:29