oss-sec mailing list archives
Re: CVE id request: Tor <0.2.0.34 multiple DoS
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 17 Mar 2009 20:37:50 -0400 (EDT)
====================================================== Name: CVE-2009-0936 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0936 Reference: MLIST:[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes) Reference: URL:http://archives.seul.org/or/announce/Feb-2009/msg00000.html Reference: SECUNIA:33880 Reference: URL:http://secunia.com/advisories/33880 Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." ====================================================== Name: CVE-2009-0937 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0937 Reference: MLIST:[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes) Reference: URL:http://archives.seul.org/or/announce/Feb-2009/msg00000.html Reference: SECUNIA:33880 Reference: URL:http://secunia.com/advisories/33880 Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. ====================================================== Name: CVE-2009-0938 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0938 Reference: MLIST:[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes) Reference: URL:http://archives.seul.org/or/announce/Feb-2009/msg00000.html Reference: SECUNIA:33880 Reference: URL:http://secunia.com/advisories/33880 Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." ====================================================== Name: CVE-2009-0939 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0939 Reference: MLIST:[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes) Reference: URL:http://archives.seul.org/or/announce/Feb-2009/msg00000.html Reference: SECUNIA:33880 Reference: URL:http://secunia.com/advisories/33880 Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
Current thread:
- CVE id request: Tor <0.2.0.34 multiple DoS Raphael Marichez (Mar 01)
- Re: CVE id request: Tor <0.2.0.34 multiple DoS Steven M. Christey (Mar 17)