Details of VAR-201001-0713

ID

VAR-201001-0713

CVE

CVE-2010-0385

TITLE

Tor official directory query request sensitive information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2010-5331 // CNNVD: CNNVD-201001-255

DESCRIPTION

Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query. Tor (The Onion Router) is an implementation of the second generation of onion routing, through which users can communicate anonymously over the Internet. Tor is prone to a remote information-disclosure vulnerability. Exploits will allow attackers to obtain sensitive information that can help them launch further attacks. NOTE: Since certain Tor infrastructures were compromised, new version 3 identity keys have been issued. Versions prior to Tor 0.2.1.22 are vulnerable. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Tor Directory Authorities Directory Queries Information Disclosure SECUNIA ADVISORY ID: SA38198 VERIFY ADVISORY: http://secunia.com/advisories/38198/ DESCRIPTION: A security issue has been reported in Tor, which can be exploited by malicious people to disclose potentially sensitive information. SOLUTION: Update to version 0.2.1.22. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://permalink.gmane.org/gmane.network.onion-routing.announce/30 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2010-0385 // JVNDB: JVNDB-2010-005252 // CNVD: CNVD-2010-5331 // BID: 37901 // PACKETSTORM: 85478

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-5331

AFFECTED PRODUCTS

vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.1	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.5	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.4	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.5	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.9	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.6	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.3	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.2	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.7	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.2.7	Trust: 1.6
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.20	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.14	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.13	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.12	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.11	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.10	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.9	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.8	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.7	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.6	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.5	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.4	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.3	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.2	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.10	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9.1	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.0.9	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.16	Trust: 1.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.7	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.1_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.25	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.21	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.3	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.8	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.16	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.15	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.7	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.14	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.6	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.8.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.5	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.4	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.10	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.21	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.14	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre21	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.1_alpha-cvs	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre14	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.7	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.16	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.10_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.13	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.16	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.13	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.3	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.12	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.2_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.17	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.4	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre22	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.5_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.23	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.22	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.26	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.4	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.17	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.4_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.8	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.18	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.12	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.6.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.8_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.5	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre16	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.9_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.11	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre17	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.7.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.30	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.8	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.7_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.4	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre27	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.20	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.13	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.17	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.6_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.9	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre24	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.7.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre25	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre13	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre19	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.5	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.15	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.12	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre15	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre23	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.9	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre26	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.6	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.11	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.15	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.2_pre20	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.0.1	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.10	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.6.2	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.14	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.6	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.3_alpha	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.0.7.3	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.1.1.3	Trust: 1.0
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.1.19	Trust: 1.0
vendor:	the tor	model:	tor	scope:	eq	version:	0.2.2.7-alpha	Trust: 0.8
vendor:	the tor	model:	tor	scope:	lt	version:	0.2.2.x	Trust: 0.8
vendor:	tor	model:	tor	scope:	eq	version:	0.2.x	Trust: 0.6
vendor:	tor	model:	tor	scope:	eq	version:	0.2.35	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.34	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.33	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.32	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.31	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.214	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.123	Trust: 0.3
vendor:	tor	model:	.5-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	.4-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	.3-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	.2-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	.1-alpha	scope:	eq	version:	0.1.1	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.118	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.21	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.2.1.20	Trust: 0.3
vendor:	tor	model:	tor	scope:	eq	version:	0.1.2.15	Trust: 0.3
vendor:	tor	model:	alpha-cvs	scope:	eq	version:	0.1.2.1	Trust: 0.3
vendor:	tor	model:	tor	scope:	ne	version:	0.2.1.22	Trust: 0.3

sources: CNVD: CNVD-2010-5331 // BID: 37901 // JVNDB: JVNDB-2010-005252 // CNNVD: CNNVD-201001-255 // NVD: CVE-2010-0385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0385
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-0385
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2010-5331
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201001-255
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2010-0385
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2010-5331
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2010-5331 // JVNDB: JVNDB-2010-005252 // CNNVD: CNNVD-201001-255 // NVD: CVE-2010-0385

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2010-005252 // NVD: CVE-2010-0385

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-255

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201001-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-005252

PATCH

title:

Top Page

url:

https://www.torproject.org/

Trust: 0.8

sources: JVNDB: JVNDB-2010-005252

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0385	Trust: 3.3
db:	BID	id:	37901	Trust: 2.5
db:	SECUNIA	id:	38198	Trust: 1.7
db:	OSVDB	id:	61865	Trust: 1.6
db:	JVNDB	id:	JVNDB-2010-005252	Trust: 0.8
db:	CNVD	id:	CNVD-2010-5331	Trust: 0.6
db:	MLIST	id:	[OR-TALK] 20100120 TOR 0.2.2.7-ALPHA IS OUT	Trust: 0.6
db:	MLIST	id:	[OR-ANNOUNCE] 20100121 TOR 0.2.1.22 IS RELEASED (SECURITY FIX)	Trust: 0.6
db:	NSFOCUS	id:	14397	Trust: 0.6
db:	CNNVD	id:	CNNVD-201001-255	Trust: 0.6
db:	PACKETSTORM	id:	85478	Trust: 0.1

sources: CNVD: CNVD-2010-5331 // BID: 37901 // JVNDB: JVNDB-2010-005252 // PACKETSTORM: 85478 // CNNVD: CNNVD-201001-255 // NVD: CVE-2010-0385

REFERENCES

url:	http://www.securityfocus.com/bid/37901	Trust: 2.2
url:	http://www.osvdb.org/61865	Trust: 1.6
url:	http://secunia.com/advisories/38198	Trust: 1.6
url:	http://archives.seul.org/or/talk/jan-2010/msg00162.html	Trust: 1.6
url:	http://archives.seul.org/or/announce/jan-2010/msg00000.html	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0385	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0385	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/14397	Trust: 0.6
url:	http://www.torproject.org/index.html.en	Trust: 0.3
url:	http://archives.seul.org/or/talk/jan-2010/msg00161.html	Trust: 0.3
url:	http://permalink.gmane.org/gmane.network.onion-routing.announce/30	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/blog/71/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/38198/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2010-5331 // BID: 37901 // JVNDB: JVNDB-2010-005252 // PACKETSTORM: 85478 // CNNVD: CNNVD-201001-255 // NVD: CVE-2010-0385

CREDITS

Roger Dingledine

Trust: 0.6

sources: CNNVD: CNNVD-201001-255

SOURCES

db:	CNVD	id:	CNVD-2010-5331
db:	BID	id:	37901
db:	JVNDB	id:	JVNDB-2010-005252
db:	PACKETSTORM	id:	85478
db:	CNNVD	id:	CNNVD-201001-255
db:	NVD	id:	CVE-2010-0385

LAST UPDATE DATE

2025-04-11T22:59:43.326000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-5331	date:	2010-01-25T00:00:00
db:	BID	id:	37901	date:	2015-04-13T21:03:00
db:	JVNDB	id:	JVNDB-2010-005252	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201001-255	date:	2010-01-26T00:00:00
db:	NVD	id:	CVE-2010-0385	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-5331	date:	2010-01-25T00:00:00
db:	BID	id:	37901	date:	2010-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2010-005252	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	85478	date:	2010-01-21T10:22:16
db:	CNNVD	id:	CNNVD-201001-255	date:	2010-01-25T00:00:00
db:	NVD	id:	CVE-2010-0385	date:	2010-01-25T19:30:01.697