CVE 2006-3410
Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks.
See the 
CVE page on Mitre.org
for more details.
