#VU7479 Session hijacking in Tor - CVE-2017-0377

Cybersecurity Help s.r.o.

Published: 2017-07-12

Vulnerability identifier: #VU7479

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-0377

CWE-ID: CWE-384

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tor
Client/Desktop applications / Web browsers

Vendor: tor.eff.org

Description
The vulnerability allows a remote unauthenticated user to hijack the target user's session.

The weakness exists due to guard-selection algorithm only considers the exit relay (not the exit relay's family). A remote attacker can leverage the existence of large families, defeat intended anonymity properties and steal the victim's session.

Mitigation
Update to version 0.3.0.9.

Vulnerable software versions

Tor: 0.3.0.0 - 0.3.0.8

External links
https://trac.torproject.org/projects/tor/ticket/22753
https://blog.torproject.org/blog/tor-0309-released-security-update-clients

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Session hijacking in Tor