CVE-2007-1103

Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.seul.org/or/talk/Feb-2007/msg00197.html
http://archives.seul.org/or/talk/Feb-2007/msg00200.html
http://archives.seul.org/or/talk/Feb-2007/msg00202.html
http://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pdf
http://osvdb.org/45249

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*

Information

Published : 2007-02-26 09:28

Updated : 2008-11-14 22:43

NVD link : CVE-2007-1103

Mitre link : CVE-2007-1103

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

tor

tor

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.seul.org/or/talk/Feb-2007/msg00197.html", "name": "[or-talk] 20070225 \"Low-Resource Routing Attacks Against Anonymous Systems\"", "tags": [], "refsource": "MLIST"}, {"url": "http://archives.seul.org/or/talk/Feb-2007/msg00200.html", "name": "[or-talk] 20070225 Re: \"Low-Resource Routing Attacks Against Anonymous Systems\"", "tags": [], "refsource": "MLIST"}, {"url": "http://archives.seul.org/or/talk/Feb-2007/msg00202.html", "name": "[or-talk] 20070225 Re: ISP controlling entry/exti (\"Low-Resource Routing Attacks Against Anonymous Systems\")", "tags": [], "refsource": "MLIST"}, {"url": "http://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pdf", "name": "http://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://osvdb.org/45249", "name": "45249", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1103", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-02-26T17:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.1.1.26"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-11-15T06:43Z"}