var-201709-0618
Vulnerability from variot

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. Tor contains a vulnerability related to information disclosure from log files. Information may be obtained. Tor is an implementation of the second generation of onion routing, which is mainly used to access the Internet anonymously. Tor is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.


Debian Security Advisory DSA-3993-1    security@debian.org
https://www.debian.org/security/       Moritz Muehlenhoff
October 06, 2017                       https://www.debian.org/security/faq

Package : tor
CVE ID  : CVE-2017-0380

It was discovered that the Tor onion service could leak sensitive information to log files if the "SafeLogging" option is set to "0".

The oldstable distribution (jessie) is not affected.

For the stable distribution (stretch), this problem has been fixed in version 0.2.9.12-1.

We recommend that you upgrade your tor packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0618",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "torproject",
        "version": "0.3.1.5"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "torproject",
        "version": "0.3.0.10"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "torproject",
        "version": "0.3.0.8"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "torproject",
        "version": "0.3.0.9"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "torproject",
        "version": "0.3.1.3"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "torproject",
        "version": "0.3.1.6"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "torproject",
        "version": "0.3.1.2"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "torproject",
        "version": "0.3.2"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "torproject",
        "version": "0.3.1.1"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "torproject",
        "version": "0.3.1.4"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "torproject",
        "version": "0.3.0.0"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "torproject",
        "version": "0.2.9.11"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "torproject",
        "version": "0.2.9.0"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.10"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.3.0.6"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.5"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.3.0.1"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.3.0.3"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.2"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.9"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.8"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.3.0.4"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.4"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.6"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.3.0.5"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.3.0.7"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.3.0.2"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.3"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.9.1"
      },
      {
        "model": "tor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "torproject",
        "version": "0.2.8.14"
      },
      {
        "model": "tor",
        "scope": null,
        "trust": 0.8,
        "vendor": "the tor",
        "version": null
      },
      {
        "model": "tor",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "tor",
        "version": "0.2.8.15"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tor",
        "version": "0.2.9.*,\u003c0.2.9.12"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tor",
        "version": "0.3.0.*,\u003c0.3.0.11"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tor",
        "version": "0.3.1.*,\u003c0.3.1.7"
      },
      {
        "model": "0.3.2.*,\u003c0.3.2.1-alpha",
        "scope": null,
        "trust": 0.6,
        "vendor": "tor",
        "version": null
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "torproject",
        "version": "0.3.1.0"
      },
      {
        "model": "tor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "torproject",
        "version": "0.2.8.14"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tor 0.3.2.1-alpha",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "torproject",
        "version": null
      },
      {
        "model": "tor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "torproject",
        "version": "0.3.1.7"
      },
      {
        "model": "tor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "torproject",
        "version": "0.3.0.11"
      },
      {
        "model": "tor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "torproject",
        "version": "0.2.9.12"
      },
      {
        "model": "tor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "torproject",
        "version": "0.2.8.15"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "db": "BID",
        "id": "101222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.1.2:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.1.3:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.5:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.4:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.1.4:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.1.5:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.2.8.14",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.1.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.2:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.1.6:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.3:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.3.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.4:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.5:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-0380"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "101222"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-0380",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-0380",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-34623",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-0380",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-0380",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-34623",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-858",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. Tor Contains a vulnerability related to information disclosure from log files.Information may be obtained. Tor is an implementation of the second generation of onion routing, which is mainly used to access the Internet anonymously. Tor is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. \n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3993-1                   security@debian.org\nhttps://www.debian.org/security/                       Moritz Muehlenhoff\nOctober 06, 2017                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : tor\nCVE ID         : CVE-2017-0380\n\nIt was discovered that the Tor onion service could leak sensitive\ninformation to log files if the \"SafeLogging\" option is set to \"0\". \n\nThe oldstable distribution (jessie) is not affected. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.2.9.12-1. \n\nWe recommend that you upgrade your tor packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-0380"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "db": "BID",
        "id": "101222"
      },
      {
        "db": "PACKETSTORM",
        "id": "144540"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-0380",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1039519",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "37666",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "101222",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "144540",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "db": "BID",
        "id": "101222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "db": "PACKETSTORM",
        "id": "144540"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ]
  },
  "id": "VAR-201709-0618",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:10.261000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fix log-uninitialized-stack bug in rend_service_intro_established.",
        "trust": 0.8,
        "url": "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486"
      },
      {
        "title": "Fix TROVE-2017-008: Stack disclosure in hidden services logs when SafeLogging disabled",
        "trust": 0.8,
        "url": "https://trac.torproject.org/projects/tor/ticket/23490"
      },
      {
        "title": "Patch for Tor \u0027rend_service_intro_established\u0027 function sensitive information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/106424"
      },
      {
        "title": "Tor Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74964"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-532",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0380"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486"
      },
      {
        "trust": 1.9,
        "url": "https://trac.torproject.org/projects/tor/ticket/23490"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2017/dsa-3993"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1039519"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0380"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0380"
      },
      {
        "trust": 0.6,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0380"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37666"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493513"
      },
      {
        "trust": 0.3,
        "url": "https://www.torproject.org/index.html.en"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "db": "BID",
        "id": "101222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "db": "PACKETSTORM",
        "id": "144540"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "db": "BID",
        "id": "101222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "db": "PACKETSTORM",
        "id": "144540"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0380"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "BID",
        "id": "101222"
      },
      {
        "date": "2017-10-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "date": "2017-10-09T15:42:49",
        "db": "PACKETSTORM",
        "id": "144540"
      },
      {
        "date": "2017-09-18T16:29:00.207000",
        "db": "NVD",
        "id": "CVE-2017-0380"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-34623"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "BID",
        "id": "101222"
      },
      {
        "date": "2017-10-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      },
      {
        "date": "2017-11-06T02:29:00.663000",
        "db": "NVD",
        "id": "CVE-2017-0380"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tor Vulnerable to information disclosure from log files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008306"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-858"
      }
    ],
    "trust": 0.6
  }
}

