CVE-2006-3418

Tor before 0.1.1.20 does not validate that a server descriptors fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.

Affected Software

Name	Vendor	Start Version	End Version
Tor	Tor	0.0.2 (including)	0.0.2 (including)
Tor	Tor	0.0.2_pre13 (including)	0.0.2_pre13 (including)
Tor	Tor	0.0.2_pre14 (including)	0.0.2_pre14 (including)
Tor	Tor	0.0.2_pre15 (including)	0.0.2_pre15 (including)
Tor	Tor	0.0.2_pre16 (including)	0.0.2_pre16 (including)
Tor	Tor	0.0.2_pre17 (including)	0.0.2_pre17 (including)
Tor	Tor	0.0.2_pre18 (including)	0.0.2_pre18 (including)
Tor	Tor	0.0.2_pre19 (including)	0.0.2_pre19 (including)
Tor	Tor	0.0.2_pre20 (including)	0.0.2_pre20 (including)
Tor	Tor	0.0.2_pre21 (including)	0.0.2_pre21 (including)
Tor	Tor	0.0.2_pre22 (including)	0.0.2_pre22 (including)
Tor	Tor	0.0.2_pre23 (including)	0.0.2_pre23 (including)
Tor	Tor	0.0.2_pre24 (including)	0.0.2_pre24 (including)
Tor	Tor	0.0.2_pre25 (including)	0.0.2_pre25 (including)
Tor	Tor	0.0.2_pre26 (including)	0.0.2_pre26 (including)
Tor	Tor	0.0.2_pre27 (including)	0.0.2_pre27 (including)
Tor	Tor	0.0.3 (including)	0.0.3 (including)
Tor	Tor	0.0.4 (including)	0.0.4 (including)
Tor	Tor	0.0.5 (including)	0.0.5 (including)
Tor	Tor	0.0.6 (including)	0.0.6 (including)
Tor	Tor	0.0.6.1 (including)	0.0.6.1 (including)
Tor	Tor	0.0.6.2 (including)	0.0.6.2 (including)
Tor	Tor	0.0.7 (including)	0.0.7 (including)
Tor	Tor	0.0.7.1 (including)	0.0.7.1 (including)
Tor	Tor	0.0.7.2 (including)	0.0.7.2 (including)
Tor	Tor	0.0.7.3 (including)	0.0.7.3 (including)
Tor	Tor	0.0.8 (including)	0.0.8 (including)
Tor	Tor	0.0.8.1 (including)	0.0.8.1 (including)
Tor	Tor	0.0.9 (including)	0.0.9 (including)
Tor	Tor	0.0.9.1 (including)	0.0.9.1 (including)
Tor	Tor	0.0.9.2 (including)	0.0.9.2 (including)
Tor	Tor	0.0.9.3 (including)	0.0.9.3 (including)
Tor	Tor	0.0.9.4 (including)	0.0.9.4 (including)
Tor	Tor	0.0.9.5 (including)	0.0.9.5 (including)
Tor	Tor	0.0.9.6 (including)	0.0.9.6 (including)
Tor	Tor	0.0.9.7 (including)	0.0.9.7 (including)
Tor	Tor	0.0.9.8 (including)	0.0.9.8 (including)
Tor	Tor	0.0.9.9 (including)	0.0.9.9 (including)
Tor	Tor	0.0.9.10 (including)	0.0.9.10 (including)
Tor	Tor	0.1.0.1 (including)	0.1.0.1 (including)
Tor	Tor	0.1.0.2 (including)	0.1.0.2 (including)
Tor	Tor	0.1.0.3 (including)	0.1.0.3 (including)
Tor	Tor	0.1.0.4 (including)	0.1.0.4 (including)
Tor	Tor	0.1.0.5 (including)	0.1.0.5 (including)
Tor	Tor	0.1.0.6 (including)	0.1.0.6 (including)
Tor	Tor	0.1.0.7 (including)	0.1.0.7 (including)
Tor	Tor	0.1.0.8 (including)	0.1.0.8 (including)
Tor	Tor	0.1.0.9 (including)	0.1.0.9 (including)
Tor	Tor	0.1.0.10 (including)	0.1.0.10 (including)
Tor	Tor	0.1.0.11 (including)	0.1.0.11 (including)
Tor	Tor	0.1.0.12 (including)	0.1.0.12 (including)
Tor	Tor	0.1.0.13 (including)	0.1.0.13 (including)
Tor	Tor	0.1.0.14 (including)	0.1.0.14 (including)
Tor	Tor	0.1.0.15 (including)	0.1.0.15 (including)
Tor	Tor	0.1.0.16 (including)	0.1.0.16 (including)
Tor	Tor	0.1.0.17 (including)	0.1.0.17 (including)
Tor	Tor	0.1.0.18 (including)	0.1.0.18 (including)
Tor	Tor	0.1.0.19 (including)	0.1.0.19 (including)
Tor	Tor	0.1.1.1_alpha (including)	0.1.1.1_alpha (including)
Tor	Tor	0.1.1.2_alpha (including)	0.1.1.2_alpha (including)
Tor	Tor	0.1.1.3_alpha (including)	0.1.1.3_alpha (including)
Tor	Tor	0.1.1.4_alpha (including)	0.1.1.4_alpha (including)
Tor	Tor	0.1.1.5_alpha (including)	0.1.1.5_alpha (including)
Tor	Tor	0.1.1.6_alpha (including)	0.1.1.6_alpha (including)
Tor	Tor	0.1.1.7_alpha (including)	0.1.1.7_alpha (including)
Tor	Tor	0.1.1.8_alpha (including)	0.1.1.8_alpha (including)
Tor	Tor	0.1.1.9_alpha (including)	0.1.1.9_alpha (including)
Tor	Tor	0.1.1.10_alpha (including)	0.1.1.10_alpha (including)
Tor	Ubuntu	dapper	*
Tor	Ubuntu	edgy	*
Tor	Ubuntu	feisty	*
Tor	Ubuntu	gutsy	*
Tor	Ubuntu	hardy	*
Tor	Ubuntu	intrepid	*
Tor	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3418
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References