Details of VAR-201001-0281

ID

VAR-201001-0281

CVE

CVE-2010-0383

TITLE

Tor Official Directory Query Request Information Disclosure Vulnerability

Trust: 1.2

sources: CNNVD: CNNVD-201001-253 // CNVD: CNVD-2010-5332

DESCRIPTION

Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. Tor (The Onion Router) is an implementation of the second generation of onion routing software, through which users can communicate anonymously over the Internet. If the user submits a specially made query request to the bridge official directory, the directory authority will reveal all the tracked bridge identities in the response of dbg-stability.txt, which is an information disclosure. Tor is prone to a remote information-disclosure vulnerability. Exploits will allow attackers to obtain sensitive information that can help them launch further attacks. NOTE: Since certain Tor infrastructures were compromised, new version 3 identity keys have been issued. Versions prior to Tor 0.2.1.22 are vulnerable

Trust: 2.43

sources: NVD: CVE-2010-0383 // JVNDB: JVNDB-2010-005250 // CNVD: CNVD-2010-5332 // BID: 37901

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-5332

AFFECTED PRODUCTS

vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.7	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.5	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.3	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.4	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.2	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.9	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.1	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.6	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.7	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.5	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.9	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.5	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.12	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.13	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.1	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.20	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.8	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.10	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.16	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.14	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.2	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.3	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.4	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.6	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.10	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.11	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.7	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.15	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre16	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.9_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.5	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.12	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.8_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.4	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.12	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.6	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre14	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre25	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.4_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.17	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.3	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.13	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.6	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.14	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.10	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.6.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre17	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre15	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.8.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.11	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.16	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.1_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.12	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.17	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.17	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.6_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.7	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.25	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre22	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre13	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.9	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.4	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.21	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.3	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.13	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre21	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.11	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.1_alpha-cvs	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre20	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre24	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.3_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.15	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre23	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.7	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.22	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.14	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.6.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.8	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.7	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.10_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.7.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.23	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.16	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.13	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.4	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.16	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.21	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.5	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.8	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.3	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.30	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.6	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.14	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre26	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.15	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.8	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.7_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.7.3	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.7.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.26	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.5	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.4	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.2_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre27	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.10	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.9	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.20	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.5_alpha	Trust: 1.0
vendor:	the tor	model:	tor	scope:	eq	version:	0.2.2.7-alpha	Trust: 0.8
vendor:	the tor	model:	tor	scope:	lt	version:	0.2.2.x	Trust: 0.8
vendor:	tor	model:	tor	scope:	eq	version:	0.2.x	Trust: 0.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.35	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.34	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.33	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.32	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.31	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.214	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.123	Trust: 0.3
vendor:	tor	model:	.5-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	.4-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	.3-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	.2-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	.1-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.118	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.21	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.20	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.15	Trust: 0.3
vendor:	tor	model:	alpha-cvs	scope:	eq	version:	0.1.2.1	Trust: 0.3
vendor:	tor	model:	tor	scope:	ne	version:	0.2.1.22	Trust: 0.3

sources: NVD: CVE-2010-0383 // CNNVD: CNNVD-201001-253 // CNVD: CNVD-2010-5332 // JVNDB: JVNDB-2010-005250 // BID: 37901

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2010-0383
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-201001-253
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2010-5332
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2010-0383
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2010-5332
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: NVD: CVE-2010-0383 // CNNVD: CNNVD-201001-253 // CNVD: CNVD-2010-5332 // JVNDB: JVNDB-2010-005250

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: NVD: CVE-2010-0383 // JVNDB: JVNDB-2010-005250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-253

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201001-253

CONFIGURATIONS

sources: NVD: CVE-2010-0383

PATCH

title:

Top Page

url:

https://www.torproject.org/

Trust: 0.8

sources: JVNDB: JVNDB-2010-005250

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0383	Trust: 3.3
db:	BID	id:	37901	Trust: 2.5
db:	OSVDB	id:	61977	Trust: 1.6
db:	SECUNIA	id:	38198	Trust: 1.6
db:	JVNDB	id:	JVNDB-2010-005250	Trust: 0.8
db:	MLIST	id:	[OR-TALK] 20100120 TOR PROJECT INFRASTRUCTURE UPDATES IN RESPONSE TO SECURITY BREACH	Trust: 0.6
db:	MLIST	id:	[OR-TALK] 20100120 RE: TOR PROJECT INFRASTRUCTURE UPDATES IN RESPONSE TO SECURITY BREACH	Trust: 0.6
db:	MLIST	id:	[OR-TALK] 20100120 TOR 0.2.2.7-ALPHA IS OUT	Trust: 0.6
db:	MLIST	id:	[OR-ANNOUNCE] 20100121 TOR 0.2.1.22 IS RELEASED (SECURITY FIX)	Trust: 0.6
db:	NSFOCUS	id:	14397	Trust: 0.6
db:	CNNVD	id:	CNNVD-201001-253	Trust: 0.6
db:	CNVD	id:	CNVD-2010-5332	Trust: 0.6

sources: NVD: CVE-2010-0383 // CNNVD: CNNVD-201001-253 // CNVD: CNVD-2010-5332 // JVNDB: JVNDB-2010-005250 // BID: 37901

REFERENCES

url:	http://www.securityfocus.com/bid/37901	Trust: 2.2
url:	http://archives.seul.org/or/talk/jan-2010/msg00161.html	Trust: 1.9
url:	http://archives.seul.org/or/talk/jan-2010/msg00165.html	Trust: 1.6
url:	http://secunia.com/advisories/38198	Trust: 1.6
url:	http://archives.seul.org/or/announce/jan-2010/msg00000.html	Trust: 1.6
url:	http://archives.seul.org/or/talk/jan-2010/msg00162.html	Trust: 1.6
url:	http://osvdb.org/61977	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0383	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0383	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/14397	Trust: 0.6
url:	http://www.torproject.org/index.html.en	Trust: 0.3

sources: NVD: CVE-2010-0383 // CNNVD: CNNVD-201001-253 // CNVD: CNVD-2010-5332 // JVNDB: JVNDB-2010-005250 // BID: 37901

CREDITS

Roger Dingledine

Trust: 0.6

sources: CNNVD: CNNVD-201001-253

SOURCES

db:	NVD	id:	CVE-2010-0383
db:	CNNVD	id:	CNNVD-201001-253
db:	CNVD	id:	CNVD-2010-5332
db:	JVNDB	id:	JVNDB-2010-005250
db:	BID	id:	37901

LAST UPDATE DATE

2021-12-17T08:08:14.210000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2010-0383	date:	2010-02-05T07:13:00
db:	CNNVD	id:	CNNVD-201001-253	date:	2010-01-26T00:00:00
db:	CNVD	id:	CNVD-2010-5332	date:	2010-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2010-005250	date:	2012-12-20T00:00:00
db:	BID	id:	37901	date:	2015-04-13T21:03:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2010-0383	date:	2010-01-25T19:30:00
db:	CNNVD	id:	CNNVD-201001-253	date:	2010-01-25T00:00:00
db:	CNVD	id:	CNVD-2010-5332	date:	2010-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2010-005250	date:	2012-12-20T00:00:00
db:	BID	id:	37901	date:	2010-01-21T00:00:00