Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-5117

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.

Related bugs and status

CVE-2014-5117 (Candidate) is related to these bugs:

Bug #1369350: Version 0.2.4.20 is obsolete. Recommended versions are: 0.2.4.23,0.2.5.6-alpha,0.2.5.7-rc

Summary				In	Importance	Status
	1369350	Version 0.2.4.20 is obsolete. Recommended versions are: 0.2.4.23,0.2.5.6-alpha,0.2.5.7-rc		tor (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [tor-announce] 2014073...
MLIST: [tor-announce] 2014073...
MLIST: [tor-talk] 20140730 To...
CONFIRM: https://blog.torprojec...
CONFIRM: https://trac.torprojec...
SECUNIA: 60647
SECUNIA: 60084