Details of VAR-201401-0727

ID

VAR-201401-0727

TITLE

Tor 'connection_ap_process_not_open()' function security bypass vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-00066 // BID: 64649

DESCRIPTION

Tor is an implementation of the second generation of onion routing, through which users can communicate anonymously over the Internet. The Tor 'connection_ap_process_not_open()' function has a security bypass vulnerability. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions. Tor 0.2.4.11-alpha is vulnerable; other versions may also be affected

Trust: 0.81

sources: CNVD: CNVD-2014-00066 // BID: 64649

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00066

AFFECTED PRODUCTS

vendor:	tor	model:	0.2.4.11-alpha	scope:	-	version:	-	Trust: 0.9
vendor:	tor	model:	0.2.4.12-alpha	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-00066 // BID: 64649

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-00066
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-00066
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-00066

THREAT TYPE

network

Trust: 0.3

sources: BID: 64649

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 64649

PATCH

title:

Tor 'connection_ap_process_not_open()' function safely bypasses the patch for the vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/42144

Trust: 0.6

sources: CNVD: CNVD-2014-00066

EXTERNAL IDS

db:	BID	id:	64649	Trust: 0.9
db:	CNVD	id:	CNVD-2014-00066	Trust: 0.6

sources: CNVD: CNVD-2014-00066 // BID: 64649

REFERENCES

url:	http://www.securityfocus.com/bid/64649	Trust: 0.6
url:	https://gitweb.torproject.org/tor.git/blob_plain/head:/changelog	Trust: 0.3
url:	https://trac.torproject.org/projects/tor/ticket/8475	Trust: 0.3
url:	https://www.torproject.org/index.html.en	Trust: 0.3

sources: CNVD: CNVD-2014-00066 // BID: 64649

CREDITS

nickm

Trust: 0.3

sources: BID: 64649

SOURCES

db:	CNVD	id:	CNVD-2014-00066
db:	BID	id:	64649

LAST UPDATE DATE

2022-05-17T02:02:30.857000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00066	date:	2014-01-07T00:00:00
db:	BID	id:	64649	date:	2013-03-14T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00066	date:	2014-01-07T00:00:00
db:	BID	id:	64649	date:	2013-03-14T00:00:00