CVE-2007-4174

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.seul.org/or/announce/Aug-2007/msg00000.html
http://www.securityfocus.com/bid/25188
http://secunia.com/advisories/26301	Vendor Advisory
http://archives.seul.org/or/announce/Sep-2007/msg00000.html
http://www.securitytracker.com/id?1018510
http://osvdb.org/36271
http://www.vupen.com/english/advisories/2007/2768	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36407
https://exchange.xforce.ibmcloud.com/vulnerabilities/35784

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tor:tor::::::::
	cpe:2.3:a:tor:tor:0.1.2.8:beta::::::
	cpe:2.3:a:tor:tor:0.1.2.7:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.10:::::::*
	cpe:2.3:a:tor:tor:0.1.2.9:::::::*
	cpe:2.3:a:tor:tor:0.1.2.1:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.2:::::::*
	cpe:2.3:a:tor:tor:0.1.2.14:::::::*
	cpe:2.3:a:tor:tor:0.1.2.13:::::::*
	cpe:2.3:a:tor:tor:0.1.2.6:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.5:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.5:::::::*
	cpe:2.3:a:tor:tor:0.1.2.4:::::::*
	cpe:2.3:a:tor:tor:0.1.2.11:::::::*
	cpe:2.3:a:tor:tor:0.1.2.3:alpha::::::
	cpe:2.3:a:tor:tor:0.1.2.12:::::::*

Information

Published : 2007-08-07 03:17

Updated : 2017-07-28 18:32

NVD link : CVE-2007-4174

Mitre link : CVE-2007-4174

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

tor

tor

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.seul.org/or/announce/Aug-2007/msg00000.html", "name": "[or-announce] 20070802 Tor 0.1.2.16 is released", "tags": [], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/25188", "name": "25188", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/26301", "name": "26301", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://archives.seul.org/or/announce/Sep-2007/msg00000.html", "name": "[or-announce] 20070901 Tor security advisory: cross-protocol http form attack", "tags": [], "refsource": "MLIST"}, {"url": "http://www.securitytracker.com/id?1018510", "name": "1018510", "tags": [], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/36271", "name": "36271", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/2768", "name": "ADV-2007-2768", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36407", "name": "tor-control-command-execution(36407)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35784", "name": "tor-controlport-security-bypass(35784)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4174", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-08-07T10:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.1.2.15"}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.1:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:32Z"}