var-201012-0256
Vulnerability from variot
Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. Tor is an implementation of the second generation of onion routing, through which users can communicate anonymously over the Internet. Tor is prone to an unspecified heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. No additional information is available.
Workaround
There is no known workaround at this time.
Resolution
All Tor users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.28"
References
[ 1 ] CVE-2010-1676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1676
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial: http://secunia.com/products/corporate/vim/
TITLE: Tor Unspecified Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA42536
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42536/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42536
RELEASE DATE: 2010-12-28
DISCUSS ADVISORY: http://secunia.com/advisories/42536/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/42536/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42536
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
SOLUTION: Update to version 0.2.1.28.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Willem Pinckaers.
ORIGINAL ADVISORY: https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog http://archives.seul.org/or/announce/Dec-2010/msg00000.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. By supplying specially crafted packets a remote attacker can cause Tor to overflow its heap, crashing the process. Arbitrary code execution has not been confirmed but there is a potential risk.
In the stable distribution (lenny), this update also includes an update of the IP address for the Tor directory authority gabelmoo and addresses a weakness in the package's postinst maintainer script.
For the stable distribution (lenny) this problem has been fixed in version 0.2.1.26-1~lenny+4.
For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.2.1.26-6.
We recommend that you upgrade your tor packages.
Upgrade instructions
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk0RRVsACgkQYy49rUbZzlp2mACeP+489ptl1vz0BQoJW1F2w9x4 K4oAnAjVvOvl898mVCeSJRhkKtEXT5nG =eMo2 -----END PGP SIGNATURE----- . This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201012-0256",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.1.2.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.0.9.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.1.0.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.1.0.11"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.1.0.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.1.0.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.1.0.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.9,
"vendor": "tor",
"version": "0.1.1.20"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.2.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.2.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.0.2_pre23"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.0.2_pre22"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.0.2_pre17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.0.2_pre24"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.2.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.2.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.0.2_pre21"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "tor",
"version": "0.1.2.11"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.3,
"vendor": "tor",
"version": "0.0.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre25"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.22"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.7.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.25"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.23"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.30"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.11"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.22"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre20"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.6.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.1_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.20"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.10_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.21"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.25"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.26"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.7_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.4_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.2_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.6.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre27"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.9_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.6_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.8_alpha"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.24"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.3_alpha"
},
{
"model": "tor",
"scope": "lte",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.27"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.21"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.26"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.11"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.1.1.23"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.2_pre26"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.7.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.15"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.1_alpha-cvs"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.2.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.8.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.2.2.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.0.7.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.0.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "tor",
"version": "0.1.1.5_alpha"
},
{
"model": "alpha-cvs",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.1.2.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.1.2.15"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.1.20"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.1.21"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.1.22"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.1.27"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.118"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.1.123"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.31"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.32"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.33"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.34"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.9,
"vendor": "tor",
"version": "0.2.35"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.8,
"vendor": "the tor",
"version": "0.2.2.20-alpha"
},
{
"model": "tor",
"scope": "lt",
"trust": 0.8,
"vendor": "the tor",
"version": "0.2.2.x"
},
{
"model": "0.1.1.1-alpha",
"scope": null,
"trust": 0.6,
"vendor": "tor",
"version": null
},
{
"model": "0.1.1.2-alpha",
"scope": null,
"trust": 0.6,
"vendor": "tor",
"version": null
},
{
"model": "0.1.1.3-alpha",
"scope": null,
"trust": 0.6,
"vendor": "tor",
"version": null
},
{
"model": "0.1.1.4-alpha",
"scope": null,
"trust": 0.6,
"vendor": "tor",
"version": null
},
{
"model": "0.1.1.5-alpha",
"scope": null,
"trust": 0.6,
"vendor": "tor",
"version": null
},
{
"model": "\u003c0.2.2.20-alpha",
"scope": null,
"trust": 0.6,
"vendor": "tor",
"version": null
},
{
"model": "tor",
"scope": "eq",
"trust": 0.6,
"vendor": "tor",
"version": "0.2.1.28"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.214"
},
{
"model": ".5-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": ".4-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": ".3-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": ".2-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": ".1-alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "tor",
"scope": "ne",
"trust": 0.3,
"vendor": "tor",
"version": "0.2.1.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"db": "BID",
"id": "45500"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-262"
},
{
"db": "NVD",
"id": "CVE-2010-1676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:torproject:tor",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "97609"
},
{
"db": "PACKETSTORM",
"id": "97111"
},
{
"db": "PACKETSTORM",
"id": "97176"
},
{
"db": "PACKETSTORM",
"id": "96954"
}
],
"trust": 0.4
},
"cve": "CVE-2010-1676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-1676",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-1676",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-1676",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201012-262",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-262"
},
{
"db": "NVD",
"id": "CVE-2010-1676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. Tor is an implementation of the second generation of onion routing, through which users can communicate anonymously over the Internet. Tor is prone to an unspecified heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. No additional information is available. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Tor users should upgrade to the latest stable version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/tor-0.2.1.28\"\n\nReferences\n==========\n\n [ 1 ] CVE-2010-1676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1676\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201101-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nTor Unspecified Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42536\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42536/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42536\n\nRELEASE DATE:\n2010-12-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42536/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42536/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42536\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Tor, which can be exploited by\nmalicious people to cause a DoS (Denial of Service) and potentially\ncompromise a vulnerable system. \n\nSOLUTION:\nUpdate to version 0.2.1.28. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Willem Pinckaers. \n\nORIGINAL ADVISORY:\nhttps://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog\nhttp://archives.seul.org/or/announce/Dec-2010/msg00000.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. By supplying\nspecially crafted packets a remote attacker can cause Tor to overflow its\nheap, crashing the process. Arbitrary code execution has not been\nconfirmed but there is a potential risk. \n\nIn the stable distribution (lenny), this update also includes an update of\nthe IP address for the Tor directory authority gabelmoo and addresses\na weakness in the package\u0027s postinst maintainer script. \n\n\nFor the stable distribution (lenny) this problem has been fixed in\nversion 0.2.1.26-1~lenny+4. \n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem has been fixed in version 0.2.1.26-6. \n\n\nWe recommend that you upgrade your tor packages. \n\nUpgrade instructions\n- --------------------\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk0RRVsACgkQYy49rUbZzlp2mACeP+489ptl1vz0BQoJW1F2w9x4\nK4oAnAjVvOvl898mVCeSJRhkKtEXT5nG\n=eMo2\n-----END PGP SIGNATURE-----\n. This fixes a vulnerability,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially compromise a vulnerable system",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1676"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"db": "BID",
"id": "45500"
},
{
"db": "PACKETSTORM",
"id": "97561"
},
{
"db": "PACKETSTORM",
"id": "97609"
},
{
"db": "PACKETSTORM",
"id": "97111"
},
{
"db": "PACKETSTORM",
"id": "96937"
},
{
"db": "PACKETSTORM",
"id": "97176"
},
{
"db": "PACKETSTORM",
"id": "96954"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1676",
"trust": 4.1
},
{
"db": "SECUNIA",
"id": "42536",
"trust": 2.3
},
{
"db": "BID",
"id": "45500",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2010-3290",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1024910",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "42916",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42783",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42667",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0114",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002937",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-3318",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2010-3344",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OR-ANNOUNCE] 20101220 TOR 0.2.1.28 IS RELEASED (SECURITY PATCHES)",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "16212",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201012-262",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "97561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97609",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97111",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96937",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97176",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96954",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"db": "BID",
"id": "45500"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"db": "PACKETSTORM",
"id": "97561"
},
{
"db": "PACKETSTORM",
"id": "97609"
},
{
"db": "PACKETSTORM",
"id": "97111"
},
{
"db": "PACKETSTORM",
"id": "96937"
},
{
"db": "PACKETSTORM",
"id": "97176"
},
{
"db": "PACKETSTORM",
"id": "96954"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-262"
},
{
"db": "NVD",
"id": "CVE-2010-1676"
}
]
},
"id": "VAR-201012-0256",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"db": "CNVD",
"id": "CNVD-2010-3344"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"db": "CNVD",
"id": "CNVD-2010-3344"
}
]
},
"last_update_date": "2024-11-23T22:19:04.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "tor-02220-alpha-out-security-patches",
"trust": 0.8,
"url": "http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches"
},
{
"title": "tor-02128-released-security-patches",
"trust": 0.8,
"url": "http://blog.torproject.org/blog/tor-02128-released-security-patches"
},
{
"title": "Tor Unknown Buffer Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/2223"
},
{
"title": "Tor heap buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/2356"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"db": "NVD",
"id": "CVE-2010-1676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/changelog"
},
{
"trust": 2.0,
"url": "http://archives.seul.org/or/announce/dec-2010/msg00000.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/3290"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/45500"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1024910"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/42536"
},
{
"trust": 1.6,
"url": "http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches"
},
{
"trust": 1.6,
"url": "http://blog.torproject.org/blog/tor-02128-released-security-patches"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201101-02.xml"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052657.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052690.html"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2010/dsa-2136"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2011/0114"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/42783"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/42667"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/42916"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1676"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1676"
},
{
"trust": 0.6,
"url": "http://archives.seul.org/or/announce/dec-2010/msg00000.htmlhttps"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/42536http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/16212"
},
{
"trust": 0.4,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.4,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.4,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://www.torproject.org/index.html.en"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1676"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42916"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201101-02.xml"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42916/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42916/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42536"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42536/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42536/"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42783/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42783"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42783/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42667"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42667/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42667/#comments"
},
{
"trust": 0.1,
"url": "http://lists.debian.org/debian-security-announce/2010/msg00187.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"db": "BID",
"id": "45500"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"db": "PACKETSTORM",
"id": "97561"
},
{
"db": "PACKETSTORM",
"id": "97609"
},
{
"db": "PACKETSTORM",
"id": "97111"
},
{
"db": "PACKETSTORM",
"id": "96937"
},
{
"db": "PACKETSTORM",
"id": "97176"
},
{
"db": "PACKETSTORM",
"id": "96954"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-262"
},
{
"db": "NVD",
"id": "CVE-2010-1676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"db": "BID",
"id": "45500"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"db": "PACKETSTORM",
"id": "97561"
},
{
"db": "PACKETSTORM",
"id": "97609"
},
{
"db": "PACKETSTORM",
"id": "97111"
},
{
"db": "PACKETSTORM",
"id": "96937"
},
{
"db": "PACKETSTORM",
"id": "97176"
},
{
"db": "PACKETSTORM",
"id": "96954"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-262"
},
{
"db": "NVD",
"id": "CVE-2010-1676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"date": "2010-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"date": "2010-12-20T00:00:00",
"db": "BID",
"id": "45500"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"date": "2011-01-15T19:58:29",
"db": "PACKETSTORM",
"id": "97561"
},
{
"date": "2011-01-18T10:42:52",
"db": "PACKETSTORM",
"id": "97609"
},
{
"date": "2010-12-28T08:35:56",
"db": "PACKETSTORM",
"id": "97111"
},
{
"date": "2010-12-23T14:45:57",
"db": "PACKETSTORM",
"id": "96937"
},
{
"date": "2010-12-30T04:57:34",
"db": "PACKETSTORM",
"id": "97176"
},
{
"date": "2010-12-25T08:42:40",
"db": "PACKETSTORM",
"id": "96954"
},
{
"date": "2010-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-262"
},
{
"date": "2010-12-22T01:00:02.687000",
"db": "NVD",
"id": "CVE-2010-1676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3318"
},
{
"date": "2010-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"date": "2015-04-16T17:46:00",
"db": "BID",
"id": "45500"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002937"
},
{
"date": "2010-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-262"
},
{
"date": "2024-11-21T01:14:58.320000",
"db": "NVD",
"id": "CVE-2010-1676"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "96937"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-262"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tor heap buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3344"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-262"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201012-262"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…