NVD

Id
42025  
Name
CVE-2013-7295  
Description
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-18  
Published
2014-01-17  
Modified Date
2014-02-11  
Seq
2013-7295  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
212169 42025 CVE-2013-7295 openSUSE-SU-2014:0143  View
212170 42025 CVE-2013-7295 [tor-talk] 20131223 Tor 0.2.4.20 is released  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24290 JVNDB-2013-005865 Tor における暗号保護メカニズムを回避される脆弱性 Tor は、OpenSSL が Intel Sandy Bridge および Ivy Bridge プラットフォーム上の特定の HardwareAccel 設定と組み合わせて使用される場合、(1) relay identity 鍵および (2) hidden-service identity 鍵の乱数を適切に生成しないため、暗号保護メカニズムを回避される脆弱性が存在します。 CVE-2013-7295 67237 CVE-2013-7295 42025 4 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005865.html 2013-12-22 2014-01-23 View