Red Hat Bugzilla – Bug 486706
CVE-2009-0654 tor: allows breaking its anonymity via single cell
Last modified: 2011-01-20 16:46:27 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0654 to
the following vulnerability:
Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote
attackers, with control of an entry router and an exit router, to
confirm that a sender and receiver are communicating via vectors
involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting
a single cell, and then observing cell recognition errors at the exit
router. NOTE: the vendor disputes the significance of this issue,
noting that the product's design "accepted end-to-end correlation as
an attack that is too expensive to solve."
We do not have any supported products with tor 0.2.0.x, so closing this.