CVE Vulnerabilities

CVE-2007-4174

Published: Aug 07, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

Affected Software

Name Vendor Start Version End Version
Tor Tor * 0.1.2.15 (including)
Tor Tor 0.1.2.1-alpha (including) 0.1.2.1-alpha (including)
Tor Tor 0.1.2.2 (including) 0.1.2.2 (including)
Tor Tor 0.1.2.3-alpha (including) 0.1.2.3-alpha (including)
Tor Tor 0.1.2.4 (including) 0.1.2.4 (including)
Tor Tor 0.1.2.5 (including) 0.1.2.5 (including)
Tor Tor 0.1.2.5-alpha (including) 0.1.2.5-alpha (including)
Tor Tor 0.1.2.6-alpha (including) 0.1.2.6-alpha (including)
Tor Tor 0.1.2.7-alpha (including) 0.1.2.7-alpha (including)
Tor Tor 0.1.2.8-beta (including) 0.1.2.8-beta (including)
Tor Tor 0.1.2.9 (including) 0.1.2.9 (including)
Tor Tor 0.1.2.10 (including) 0.1.2.10 (including)
Tor Tor 0.1.2.11 (including) 0.1.2.11 (including)
Tor Tor 0.1.2.12 (including) 0.1.2.12 (including)
Tor Tor 0.1.2.13 (including) 0.1.2.13 (including)
Tor Tor 0.1.2.14 (including) 0.1.2.14 (including)
Tor Ubuntu dapper *
Tor Ubuntu edgy *
Tor Ubuntu feisty *

References