CVE-2006-6893 - Vulnerability Details - OpenCVE

Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00376.

Key SSVC decision points have not yet been added.

Vendors	Products
Tor	Tor

Configuration 1 [-]

cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html
http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf
http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-08T20:00:00Z

Updated: 2024-09-17T04:24:29.119Z

Reserved: 2007-01-08T00:00:00Z

Link: CVE-2006-6893

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-31T05:00:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6893

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-01-08T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6893", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html", "refsource": "MISC", "url": "http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html"}, {"name": "http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/", "refsource": "MISC", "url": "http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/"}, {"name": "http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf", "refsource": "MISC", "url": "http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:42:07.539Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6893", "datePublished": "2007-01-08T20:00:00Z", "dateReserved": "2007-01-08T00:00:00Z", "dateUpdated": "2024-09-17T04:24:29.119Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "matchCriteriaId": "BB51EE46-D720-4C1F-8992-67F4422E43CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE."}, {"lang": "es", "value": "Tor permite a atacantes remotos descubrir la direcci\u00f3n IP de un servicio oculto accediendo a este servicio a un alto ritmo de repetici\u00f3n, y por tanto cambiando la temperatura de la CPU y consecuentemente cambiando el patr\u00f3n de valores de tiempo visibles a trav\u00e9s de (1) marcas de tiempo ICMP, (2) n\u00fameros de secuencia TCP, y (3) marcas de tiempo TCP, una vulnerabilidad distinta de CVE-2006-0414. NOTA: podr\u00eda argumentarse que esto es una vulnerabilidad de las leyes de la f\u00edsica que es una limitaci\u00f3n fundamental de dise\u00f1o de determinadas implementaciones de hardware, por tanto quiz\u00e1s este problema no deber\u00eda ser incluido en CVE."}], "id": "CVE-2006-6893", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf"}, {"source": "cve@mitre.org", "url": "http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}