Strix
26.1K

CVE-2009-0654

UnknownEPSS 2.12%

Last modified

CVE-2009-0654 is a vulnerability of currently unknown severity. Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve.". EPSS estimates a 2.12% chance of exploitation in the next 30 days.

Description

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."

Metrics

EPSS Probability
2.12%

79.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
TorTor<= 0.2.0.34Alpha
TorTor0.2.0.1Alpha
TorTor0.2.0.2Alpha
TorTor0.2.0.3Alpha
TorTor0.2.0.4Alpha
TorTor0.2.0.5Alpha
TorTor0.2.0.6Alpha
TorTor0.2.0.7Alpha
TorTor0.2.0.8Alpha
TorTor0.2.0.9Alpha
TorTor0.2.0.10Alpha
TorTor0.2.0.11Alpha
TorTor0.2.0.12Alpha
TorTor0.2.0.13Alpha
TorTor0.2.0.14Alpha
TorTor0.2.0.15Alpha
TorTor0.2.0.16Alpha
TorTor0.2.0.17Alpha
TorTor0.2.0.18Alpha
TorTor0.2.0.19Alpha
TorTor0.2.0.20Alpha
TorTor0.2.0.21Alpha
TorTor0.2.0.22Alpha
TorTor0.2.0.23Alpha
TorTor0.2.0.24Alpha
TorTor0.2.0.25Alpha
TorTor0.2.0.26Alpha
TorTor0.2.0.27Alpha
TorTor0.2.0.28Alpha
TorTor0.2.0.29Alpha
TorTor0.2.0.30Alpha
TorTor0.2.0.31Alpha
TorTor0.2.0.32Alpha

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-0654?
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."
How severe is CVE-2009-0654?
Severity scoring for CVE-2009-0654 is pending analysis. The EPSS model estimates a 2.12% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0654?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0654?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST