Vulnerability Description
Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tor | Tor | <= 0.1.1.26 |
References
- http://archives.seul.org/or/talk/Feb-2007/msg00197.html
- http://archives.seul.org/or/talk/Feb-2007/msg00200.html
- http://archives.seul.org/or/talk/Feb-2007/msg00202.html
- http://osvdb.org/45249
- http://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pd
- http://archives.seul.org/or/talk/Feb-2007/msg00197.html
- http://archives.seul.org/or/talk/Feb-2007/msg00200.html
- http://archives.seul.org/or/talk/Feb-2007/msg00202.html
- http://osvdb.org/45249
- http://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pd
FAQ
What is CVE-2007-1103?
CVE-2007-1103 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into us...
How severe is CVE-2007-1103?
CVE-2007-1103 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1103?
Check the references section above for vendor advisories and patch information. Affected products include: Tor Tor.