FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-5117

This CVE name corresponds to:

Entered Topic
2014-07-30 tor -- traffic confirmation attack

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-5117 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-5117
Phase Assigned(20140730)

Description

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.

References

Source Reference
MLIST [tor-announce] 20140730 Tor 0.2.4.23 is released
MLIST [tor-announce] 20140730 Tor security advisory: "relay early" traffic confirmation attack
MLIST [tor-talk] 20140730 Tor 0.2.5.6-alpha is out
CONFIRM https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
CONFIRM https://trac.torproject.org/projects/tor/ticket/1038

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.