CVE Vulnerabilities

CVE-2013-7295

Published: Jan 17, 2014 | Modified: Feb 12, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Tor Torproject * 0.2.4.19 (including)
Tor Torproject 0.2.4.1-alpha (including) 0.2.4.1-alpha (including)
Tor Torproject 0.2.4.2-alpha (including) 0.2.4.2-alpha (including)
Tor Torproject 0.2.4.3-alpha (including) 0.2.4.3-alpha (including)
Tor Torproject 0.2.4.4-alpha (including) 0.2.4.4-alpha (including)
Tor Torproject 0.2.4.5-alpha (including) 0.2.4.5-alpha (including)
Tor Torproject 0.2.4.6-alpha (including) 0.2.4.6-alpha (including)
Tor Torproject 0.2.4.7-alpha (including) 0.2.4.7-alpha (including)
Tor Torproject 0.2.4.8-alpha (including) 0.2.4.8-alpha (including)
Tor Torproject 0.2.4.9-alpha (including) 0.2.4.9-alpha (including)
Tor Torproject 0.2.4.10-alpha (including) 0.2.4.10-alpha (including)
Tor Torproject 0.2.4.11-alpha (including) 0.2.4.11-alpha (including)
Tor Torproject 0.2.4.12-alpha (including) 0.2.4.12-alpha (including)
Tor Torproject 0.2.4.13-alpha (including) 0.2.4.13-alpha (including)
Tor Torproject 0.2.4.14-alpha (including) 0.2.4.14-alpha (including)
Tor Torproject 0.2.4.15-rc (including) 0.2.4.15-rc (including)
Tor Torproject 0.2.4.16-rc (including) 0.2.4.16-rc (including)
Tor Torproject 0.2.4.17-rc (including) 0.2.4.17-rc (including)
Tor Torproject 0.2.4.18-rc (including) 0.2.4.18-rc (including)
Tor Ubuntu precise *
Tor Ubuntu quantal *
Tor Ubuntu raring *
Tor Ubuntu saucy *
Tor Ubuntu upstream *

References