Vulnerabilities > CVE-2014-5117 - RELAY_EARLY Security vulnerability in Tor
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-150.NASL description Updated tor package fixes security vulnerability : Tor before 0.2.4.23 maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names (CVE-2014-5117). last seen 2020-06-01 modified 2020-06-02 plugin id 77038 published 2014-08-07 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77038 title Mandriva Linux Security Advisory : tor (MDVSA-2014:150) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_31C09848182911E4BF0460A44C524F57.NASL description The Tor Project reports : Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names. last seen 2020-06-01 modified 2020-06-02 plugin id 76922 published 2014-07-31 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76922 title FreeBSD : tor -- traffic confirmation attack (31c09848-1829-11e4-bf04-60a44c524f57) NASL family Fedora Local Security Checks NASL id FEDORA_2014-9073.NASL description Security fix for CVE-2014-5117 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-08-15 plugin id 77208 published 2014-08-15 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77208 title Fedora 19 : tor-0.2.4.23-1.fc19 (2014-9073) NASL family Fedora Local Security Checks NASL id FEDORA_2014-9082.NASL description Security fix for CVE-2014-5117 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-08-15 plugin id 77209 published 2014-08-15 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77209 title Fedora 20 : tor-0.2.4.23-1.fc20 (2014-9082) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-492.NASL description - Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] Slows down the risk from guard rotation and backports several important fixes from the Tor 0.2.5 alpha release series. - Major features : - Clients now look at the last seen 2020-06-05 modified 2014-08-12 plugin id 77136 published 2014-08-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77136 title openSUSE Security Update : tor (openSUSE-SU-2014:0975-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2993.NASL description Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks. - Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks [ CVE-2014-5117]. The updated version emits a warning and drops the circuit upon receiving inbound relay-early cells, preventing this specific kind of attack. Please consult the following advisory for more details about this issue : https://blog.torproject.org/blog/tor-security-advisory-r elay-early-traffic-confirmation-attack - A bug in the bounds-checking in the 32-bit curve25519-donna implementation could cause incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys. This flaw does not currently appear to allow an attacker to learn private keys or impersonate a Tor server, but it could provide a means to distinguish 32-bit Tor implementations from 64-bit Tor implementations. The following additional security-related improvements have been implemented : - As a client, the new version will effectively stop using CREATE_FAST cells. While this adds computational load on the network, this approach can improve security on connections where Tor last seen 2020-03-17 modified 2014-08-01 plugin id 76949 published 2014-08-01 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76949 title Debian DSA-2993-1 : tor - security update
References
- http://secunia.com/advisories/60084
- http://secunia.com/advisories/60647
- https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
- https://lists.torproject.org/pipermail/tor-announce/2014-July/000093.html
- https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html
- https://lists.torproject.org/pipermail/tor-talk/2014-July/034180.html
- https://trac.torproject.org/projects/tor/ticket/1038