| Title | Tor における送信元および送信先間の通信を特定される脆弱性 |
|---|---|
| Summary | Tor は、以下および終了ルータでセルの認識エラーの観測に関する処理に不備があるため、送信元および送信先間の通信を特定される脆弱性が存在します。 (1) 単一のセルの再生 (2) 単一のセルの変更 (3) 単一のセルの挿入 (4) 単一のセルの削除 |
| Possible impacts | 開始ルータおよび終端ルータの制御を持つ第三者により、送信元および受信先間の通信を特定される可能性があります。 |
| Solution | ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date | Feb. 20, 2009, midnight |
| Registration Date | Dec. 20, 2012, 7:10 p.m. |
| Last Update | Dec. 20, 2012, 7:10 p.m. |
| CVSS2.0 : 警告 | |
| Score | 5.1 |
|---|---|
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| The Tor Project |
| Tor 0.2.0.28、0.2.0.34 およびそれ以前 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2012年12月20日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." |
|---|---|
| Summary | Tor v0.2.0.28, y posiblemente v0.2.0.34 y anteriores, permite a atacantes remotos, con el control de un enrutador de salida y otro de entrada, confirmar que un receptor y un remitente estan comunicandose a traves de los vectores (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, y despues observar los errores de reconocimiento de celula en el enrutador de salida. NOTA: El vendedor no esta de acuerda con la importancia de este hecho. |
| Publication Date | Feb. 21, 2009, 4:30 a.m. |
| Registration Date | Jan. 29, 2021, 1:15 p.m. |
| Last Update | April 23, 2026, 9:35 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:tor:tor:*:alpha:*:*:*:*:*:* | 0.2.0.34 | ||||
| cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:* | |||||
| cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:* | |||||