PT-2010-2168 · Tor · Tor

Mike Perry

Published

2010-01-25

Updated

2010-01-26

CVE-2010-0385

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.2.1.22 Tor versions 0.2.2.x prior to 0.2.2.7-alpha

Description The issue allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query when Tor is functioning as a bridge directory authority.

Recommendations For Tor versions prior to 0.2.1.22, update to version 0.2.1.22 or later. For Tor versions 0.2.2.x prior to 0.2.2.7-alpha, update to version 0.2.2.7-alpha or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2010-0385

Affected Products

Tor

PT-2010-2168 · Tor · Tor

CVE-2010-0385

Weakness Enumeration

Related Identifiers

Affected Products

References · 9