CVE-2017-16639 - OpenCVE

Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Torproject	Tor Browser

Configuration 1 [-]

AND

cpe:2.3:a:torproject:tor_browser:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html
http://www.securityfocus.com/bid/105346
https://seclists.org/bugtraq/2018/Sep/29
https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-14T21:00:00

Updated: 2024-08-05T20:27:04.308Z

Reserved: 2017-11-07T00:00:00

Link: CVE-2017-16639

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-14T21:29:03.100

Modified: 2018-11-26T21:34:04.967

Link: CVE-2017-16639

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-18T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/"}, {"name": "20180912 CVE-2017-16639 - Tor Browser Deanonymization With SMB", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2018/Sep/29"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html"}, {"name": "105346", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105346"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16639", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/", "refsource": "MISC", "url": "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/"}, {"name": "20180912 CVE-2017-16639 - Tor Browser Deanonymization With SMB", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2018/Sep/29"}, {"name": "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html"}, {"name": "105346", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105346"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:27:04.308Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/"}, {"name": "20180912 CVE-2017-16639 - Tor Browser Deanonymization With SMB", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2018/Sep/29"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html"}, {"name": "105346", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105346"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16639", "datePublished": "2018-09-14T21:00:00", "dateReserved": "2017-11-07T00:00:00", "dateUpdated": "2024-08-05T20:27:04.308Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:torproject:tor_browser:*:*:*:*:*:*:*:*", "matchCriteriaId": "75CDAF47-C531-4AB1-8274-424531102F68", "versionEndExcluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability."}, {"lang": "es", "value": "Tor Browser en Windows en versiones anteriores a la 8.0 permite que atacantes remotos omitan la caracter\u00edstica de anonimato planeada y descubrir una direcci\u00f3n IP de cliente. Esta vulnerabilidad es diferente de CVE-2017-16541. Se requiere interacci\u00f3n del usuario para explotar esta vulnerabilidad."}], "id": "CVE-2017-16639", "lastModified": "2018-11-26T21:34:04.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-14T21:29:03.100", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105346"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2018/Sep/29"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}