Vulnerability Description
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tor | Tor | 0.0.2 |
References
- http://secunia.com/advisories/20514PatchVendor Advisory
- http://security.gentoo.org/glsa/glsa-200606-04.xml
- http://tor.eff.org/cvs/tor/ChangeLog
- http://www.osvdb.org/25879
- http://secunia.com/advisories/20514PatchVendor Advisory
- http://security.gentoo.org/glsa/glsa-200606-04.xml
- http://tor.eff.org/cvs/tor/ChangeLog
- http://www.osvdb.org/25879
FAQ
What is CVE-2006-3417?
CVE-2006-3417 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard"...
How severe is CVE-2006-3417?
CVE-2006-3417 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3417?
Check the references section above for vendor advisories and patch information. Affected products include: Tor Tor.