Lucene search

MitreCVE-2006-3419

HistoryJul 07, 2006 - 12:05 a.m.

CVE-2006-3419

2006-07-0700:05:00

mitre

web.nvd.nist.gov

cve-2006-3419

tor

openssl

rand_bytes

entropy

brute force

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

73.4%

JSON

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.

Affected configurations

Nvd

Node

tortorMatch0.0.2

tortorMatch0.0.2_pre13

tortorMatch0.0.2_pre14

tortorMatch0.0.2_pre15

tortorMatch0.0.2_pre16

tortorMatch0.0.2_pre17

tortorMatch0.0.2_pre18

tortorMatch0.0.2_pre19

tortorMatch0.0.2_pre20

tortorMatch0.0.2_pre21

tortorMatch0.0.2_pre22

tortorMatch0.0.2_pre23

tortorMatch0.0.2_pre24

tortorMatch0.0.2_pre25

tortorMatch0.0.2_pre26

tortorMatch0.0.2_pre27

tortorMatch0.0.3

tortorMatch0.0.4

tortorMatch0.0.5

tortorMatch0.0.6

tortorMatch0.0.6.1

tortorMatch0.0.6.2

tortorMatch0.0.7

tortorMatch0.0.7.1

tortorMatch0.0.7.2

tortorMatch0.0.7.3

tortorMatch0.0.8

tortorMatch0.0.8.1

tortorMatch0.0.9

tortorMatch0.0.9.1

tortorMatch0.0.9.2

tortorMatch0.0.9.3

tortorMatch0.0.9.4

tortorMatch0.0.9.5

tortorMatch0.0.9.6

tortorMatch0.0.9.7

tortorMatch0.0.9.8

tortorMatch0.0.9.9

tortorMatch0.0.9.10

tortorMatch0.1.0.1

tortorMatch0.1.0.2

tortorMatch0.1.0.3

tortorMatch0.1.0.4

tortorMatch0.1.0.5

tortorMatch0.1.0.6

tortorMatch0.1.0.7

tortorMatch0.1.0.8

tortorMatch0.1.0.9

tortorMatch0.1.0.10

tortorMatch0.1.0.11

tortorMatch0.1.0.12

tortorMatch0.1.0.13

tortorMatch0.1.0.14

tortorMatch0.1.0.15

tortorMatch0.1.0.16

tortorMatch0.1.0.17

tortorMatch0.1.0.18

tortorMatch0.1.0.19

tortorMatch0.1.1.1_alpha

tortorMatch0.1.1.2_alpha

tortorMatch0.1.1.3_alpha

tortorMatch0.1.1.4_alpha

tortorMatch0.1.1.5_alpha

tortorMatch0.1.1.6_alpha

tortorMatch0.1.1.7_alpha

tortorMatch0.1.1.8_alpha

tortorMatch0.1.1.9_alpha

tortorMatch0.1.1.10_alpha

VendorProductVersionCPE
tortor0.0.2cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
tortor0.0.2_pre13cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
tortor0.0.2_pre14cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
tortor0.0.2_pre15cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
tortor0.0.2_pre16cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
tortor0.0.2_pre17cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
tortor0.0.2_pre18cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
tortor0.0.2_pre19cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
tortor0.0.2_pre20cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
tortor0.0.2_pre21cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tor	tor	0.0.2	cpe:2.3:a:tor:tor:0.0.2:::::::*
tor	tor	0.0.2_pre13	cpe:2.3:a:tor:tor:0.0.2_pre13:::::::*
tor	tor	0.0.2_pre14	cpe:2.3:a:tor:tor:0.0.2_pre14:::::::*
tor	tor	0.0.2_pre15	cpe:2.3:a:tor:tor:0.0.2_pre15:::::::*
tor	tor	0.0.2_pre16	cpe:2.3:a:tor:tor:0.0.2_pre16:::::::*
tor	tor	0.0.2_pre17	cpe:2.3:a:tor:tor:0.0.2_pre17:::::::*
tor	tor	0.0.2_pre18	cpe:2.3:a:tor:tor:0.0.2_pre18:::::::*
tor	tor	0.0.2_pre19	cpe:2.3:a:tor:tor:0.0.2_pre19:::::::*
tor	tor	0.0.2_pre20	cpe:2.3:a:tor:tor:0.0.2_pre20:::::::*
tor	tor	0.0.2_pre21	cpe:2.3:a:tor:tor:0.0.2_pre21:::::::*

Rows per page:

1-10 of 681

References

secunia.com/advisories/20514

security.gentoo.org/glsa/glsa-200606-04.xml

tor.eff.org/cvs/tor/ChangeLog

www.osvdb.org/25880

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

73.4%

JSON

Related for CVE-2006-3419