Vulnerabilities > CVE-2009-0939 - Denial of Service vulnerability in Tor

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

tor

critical

nessus

NVD

Published: 2009-03-18

Updated: 2009-04-18

Summary

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.

Vulnerable Configurations

Part	Description	Count
Application	Tor TOR TOR 0.2.0.1 TOR TOR 0.2.0.2 TOR TOR 0.2.0.3 TOR TOR 0.2.0.4 TOR TOR 0.2.0.5 TOR TOR 0.2.0.6 TOR TOR 0.2.0.10 TOR TOR 0.2.0.11 TOR TOR 0.2.0.12 TOR TOR 0.2.0.13 TOR TOR 0.2.0.14 TOR TOR 0.2.0.15 TOR TOR 0.2.0.16 TOR TOR 0.2.0.17 TOR TOR 0.2.0.18 TOR TOR 0.2.0.19 TOR TOR 0.2.0.20 TOR TOR 0.2.0.21 TOR TOR 0.2.0.22 TOR TOR 0.2.0.23 TOR TOR 0.2.0.24 TOR TOR 0.2.0.25 TOR TOR 0.2.0.26 TOR TOR 0.2.0.27 TOR TOR 0.2.0.28 TOR TOR 0.2.0.29 TOR TOR 0.2.0.30 TOR TOR 0.2.0.31 TOR TOR 0.2.0.32 TOR TOR *	30

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200904-11.NASL
description	The remote host is affected by the vulnerability described in GLSA-200904-11 (Tor: Multiple vulnerabilities) Theo de Raadt reported that the application does not properly drop privileges to the primary groups of the user specified via the
last seen	2020-06-01
modified	2020-06-02
plugin id	36139
published	2009-04-11
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/36139
title	GLSA-200904-11 : Tor: Multiple vulnerabilities

Summary

Vulnerable Configurations

Nessus

References