Vulnerability Description
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tor | Tor | 0.0.2 |
References
- http://secunia.com/advisories/20514PatchVendor Advisory
- http://security.gentoo.org/glsa/glsa-200606-04.xml
- http://tor.eff.org/cvs/tor/ChangeLog
- http://www.osvdb.org/25877
- http://secunia.com/advisories/20514PatchVendor Advisory
- http://security.gentoo.org/glsa/glsa-200606-04.xml
- http://tor.eff.org/cvs/tor/ChangeLog
- http://www.osvdb.org/25877
FAQ
What is CVE-2006-3414?
CVE-2006-3414 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
How severe is CVE-2006-3414?
CVE-2006-3414 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3414?
Check the references section above for vendor advisories and patch information. Affected products include: Tor Tor.