fkie_cve-2006-3418
Vulnerability from fkie_nvd
Published
2006-07-07 00:05
Modified
2025-04-03 01:03
Severity ?
Summary
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tor | tor | 0.0.2 | |
| tor | tor | 0.0.2_pre13 | |
| tor | tor | 0.0.2_pre14 | |
| tor | tor | 0.0.2_pre15 | |
| tor | tor | 0.0.2_pre16 | |
| tor | tor | 0.0.2_pre17 | |
| tor | tor | 0.0.2_pre18 | |
| tor | tor | 0.0.2_pre19 | |
| tor | tor | 0.0.2_pre20 | |
| tor | tor | 0.0.2_pre21 | |
| tor | tor | 0.0.2_pre22 | |
| tor | tor | 0.0.2_pre23 | |
| tor | tor | 0.0.2_pre24 | |
| tor | tor | 0.0.2_pre25 | |
| tor | tor | 0.0.2_pre26 | |
| tor | tor | 0.0.2_pre27 | |
| tor | tor | 0.0.3 | |
| tor | tor | 0.0.4 | |
| tor | tor | 0.0.5 | |
| tor | tor | 0.0.6 | |
| tor | tor | 0.0.6.1 | |
| tor | tor | 0.0.6.2 | |
| tor | tor | 0.0.7 | |
| tor | tor | 0.0.7.1 | |
| tor | tor | 0.0.7.2 | |
| tor | tor | 0.0.7.3 | |
| tor | tor | 0.0.8 | |
| tor | tor | 0.0.8.1 | |
| tor | tor | 0.0.9 | |
| tor | tor | 0.0.9.1 | |
| tor | tor | 0.0.9.2 | |
| tor | tor | 0.0.9.3 | |
| tor | tor | 0.0.9.4 | |
| tor | tor | 0.0.9.5 | |
| tor | tor | 0.0.9.6 | |
| tor | tor | 0.0.9.7 | |
| tor | tor | 0.0.9.8 | |
| tor | tor | 0.0.9.9 | |
| tor | tor | 0.0.9.10 | |
| tor | tor | 0.1.0.1 | |
| tor | tor | 0.1.0.2 | |
| tor | tor | 0.1.0.3 | |
| tor | tor | 0.1.0.4 | |
| tor | tor | 0.1.0.5 | |
| tor | tor | 0.1.0.6 | |
| tor | tor | 0.1.0.7 | |
| tor | tor | 0.1.0.8 | |
| tor | tor | 0.1.0.9 | |
| tor | tor | 0.1.0.10 | |
| tor | tor | 0.1.0.11 | |
| tor | tor | 0.1.0.12 | |
| tor | tor | 0.1.0.13 | |
| tor | tor | 0.1.0.14 | |
| tor | tor | 0.1.0.15 | |
| tor | tor | 0.1.0.16 | |
| tor | tor | 0.1.0.17 | |
| tor | tor | 0.1.0.18 | |
| tor | tor | 0.1.0.19 | |
| tor | tor | 0.1.1.1_alpha | |
| tor | tor | 0.1.1.2_alpha | |
| tor | tor | 0.1.1.3_alpha | |
| tor | tor | 0.1.1.4_alpha | |
| tor | tor | 0.1.1.5_alpha | |
| tor | tor | 0.1.1.6_alpha | |
| tor | tor | 0.1.1.7_alpha | |
| tor | tor | 0.1.1.8_alpha | |
| tor | tor | 0.1.1.9_alpha | |
| tor | tor | 0.1.1.10_alpha |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD529C5A-D6E8-4FFD-B552-B91A9BD409F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*",
"matchCriteriaId": "4490AC9B-E8D8-4C97-866B-AB76AB2536F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*",
"matchCriteriaId": "0DBA48C9-C0CA-41C8-BDD3-0E69ED7AAC8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8970D3-4C0B-4B6F-BEB4-08FF20FAEBF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*",
"matchCriteriaId": "2A2A2B60-8D31-4B59-8407-9CE62709906A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE02B1D-AA25-4364-8E54-583A0304FA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3AB095-3F57-4922-BC12-0842FA158555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*",
"matchCriteriaId": "F066E4A3-BE6F-4FF7-AE7A-C8E3A33D7197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*",
"matchCriteriaId": "811FD436-8BD2-463A-8072-A915FFCA33C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*",
"matchCriteriaId": "83F107CD-7334-4D9D-AEFF-FA5F8DE72576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*",
"matchCriteriaId": "07EB2211-D97D-47EF-94D1-01E7A3879BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*",
"matchCriteriaId": "28DC8889-4E65-46D0-AA68-6390757862D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4C7373-82F1-49E6-90D6-7A02AC52F255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3D847A-D8F1-40CE-AE33-A397654C55B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3A2CE6-F8DE-4B8A-BEEA-6732E4342792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*",
"matchCriteriaId": "D9238A5E-28EA-405A-8CF9-7410CB2CA6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7301BA35-2522-4144-83C2-6A3A6D329A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "37993416-D81F-4F6B-AB2C-16F351BE68D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "295C826F-CBEB-4BA2-A760-22D58D231BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D230B213-4A35-488F-A4B5-87F77BD65E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF88062-8726-4C1D-8F93-ABA0B1654656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A710565-6960-4D46-A1EB-86FE0927A66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "81F6C954-7C0A-41E5-9719-26082E40C5E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43784D06-2D2A-46D1-ADE2-B947B3F10F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "196BF37C-CD62-4D4C-A716-827B0E6A5065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20076B65-48E6-4DA2-BDA1-AC4F904B449D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "48A2CCAD-397B-4037-B99B-F0A622FAF8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E74056-DD32-49E6-808A-5A9B755F1DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2103A8-0F3F-4226-A5D8-4BF239FD6636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA35257-80F6-4DDF-94EF-ABE1ED039ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0490AB18-A839-400D-88E2-D918B1EEFA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DBED980F-A8B9-4C44-957C-FD18867B1799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E033E0C-C7F6-4910-A795-28BA60E9431A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAAACA5-F431-4D83-B04D-EC9A81C96184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D5B46C-E7D3-495F-861C-12324F09EC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "639E3063-34CC-4AE2-B055-92D36ECAADF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C5305AF8-E26C-44A1-B546-AAC5D1C2D053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "48DCAB29-4EF2-4A50-A941-DA5D89E27D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "33928D26-39DF-4E15-9979-F9484913C219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8F70D6-4B9C-4131-A419-4AD9325DFFC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48B8A291-E1F7-444F-8C5B-C3C38541B3D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24581D9F-02AF-42E6-A3D7-9CAD43E26477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B978E3E-69D7-46BD-BD88-1409A546FF66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FED829-128A-4F87-9838-AD0C9C11E458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3A39B543-5978-46FC-AF85-D635D87E3B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE0BE0D-F509-4A91-BDD7-A0A8324498D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "803498D9-C750-4D16-8ADF-2F98E71888A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "65F6A78C-76E9-4A5F-92BD-B16D1CBE934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C04309D4-FEA8-47EA-BB9A-8CBD341B475F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8607F3C9-F185-4B87-8A1B-B9495A4F244D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "525A0E09-D4CF-42AA-8EB2-47E0E6CBA179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "667201BB-5FDA-4E51-B865-0AF8507DBCDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA7280-1DF3-4A98-AFD2-C67406A32EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D70542A1-34B3-4EBF-BAA7-6B009CCFD22C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2DADBB-D90B-4B9D-B9DA-65AC39C61043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DB01B6B6-66C3-443B-BA3D-0DB17BDCC0BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E6BA17-6AE9-45ED-A8C3-F79463F427BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7D396C-36CA-4579-BCA0-672440CB5CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "811CE708-CEE6-4B0F-98E5-E138C06EA382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "6860F802-FEC2-449A-A5FC-AFACCA8633CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "A4CA23F0-7C49-430E-AD20-7C7BDCC1EEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D9E677-01D2-4800-82AA-F5585475D500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "9C589D4F-60B3-450B-860A-9975BB47BBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.6_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "DA331167-6A2F-402F-A28F-9EE7B6F20207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.7_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "F42AB6B3-7BD8-4B55-B269-DCA664A25FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.8_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "D4740B10-EFB8-4F79-88C1-9B6F5897A71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.9_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "31CA7556-D132-4E81-8E13-C7E025AF20AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tor:tor:0.1.1.10_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "D224FA8D-4C5A-48BE-92F2-1EC57782046D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tor before 0.1.1.20 does not validate that a server descriptor\u0027s fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications."
},
{
"lang": "es",
"value": ""
}
],
"id": "CVE-2006-3418",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-07T00:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20514"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://tor.eff.org/cvs/tor/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tor.eff.org/cvs/tor/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25881"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…