FreeBSD : tor -- diffie-hellman handshake flaw (5fde5c30-0f4e-11da-bc01-000e0c2e438a)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A tor advisory reports

Tor clients can completely loose anonymity, confidentiality, and data
integrity if the first Tor server in their path is malicious.
Specifically, if the Tor client chooses a malicious Tor server for her
first hop in the circuit, that server can learn all the keys she
negotiates for the rest of the circuit (or just spoof the whole
circuit), and then read and/or modify all her traffic over that
circuit.

See also :

http://archives.seul.org/or/announce/Aug-2005/msg00002.html
http://www.nessus.org/u?c176e35b

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21434 (freebsd_pkg_5fde5c300f4e11dabc01000e0c2e438a.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2643

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now