Vulnerability CVE-2012-4922 - CERT Civis.Net

Vulnerability Name:

CVE-2012-4922 (CCN-78793)

Assigned:

2012-09-11

Published:

2012-09-11

Updated:

2013-08-22

Summary:

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2012-4922

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-14638

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1278

Source: MLIST
Type: UNKNOWN
[oss-security] 20120912 CVE id request: tor

Source: GENTOO
Type: UNKNOWN
GLSA-201301-03

Source: XF
Type: UNKNOWN
tor-tortimegm-dos(78793)

Source: CCN
Type: torproject Web Site
bump to 0.2.2.39

Source: CONFIRM
Type: UNKNOWN
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes

Source: CONFIRM
Type: UNKNOWN
https://gitweb.torproject.org/tor.git/commit/973c18bf0e84d14d8006a9ae97fde7f7fb97e404

Source: MLIST
Type: UNKNOWN
[tor-talk] 20120912 Tor 0.2.3.22-rc is out

Source: CONFIRM
Type: UNKNOWN
https://trac.torproject.org/projects/tor/ticket/6811

Vulnerable Configuration:

Configuration 1:

cpe:/a:torproject:tor:0.0.2:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre13:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre14:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre15:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre16:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre17:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre18:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre19:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre20:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre21:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre22:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre23:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre24:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre25:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre26:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.2:pre27:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.3:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.4:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.5:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.6:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.6.1:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.6.2:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.7:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.7.1:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.7.2:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.7.3:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.8.1:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.1:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.2:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.3:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.4:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.5:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.6:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.7:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.8:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.9:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.0.9.10:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.0.10:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.0.11:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.0.12:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.0.13:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.0.14:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.0.15:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.0.16:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.0.17:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.1.20:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.1.21:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.1.22:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.1.23:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.1.24:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.1.25:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.1.26:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.2.13:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.2.14:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.2.15:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.2.16:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.2.17:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.2.18:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.1.2.19:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.0.30:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.0.31:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.0.32:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.0.33:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.0.34:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.0.35:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.18:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.19:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.20:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.21:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.22:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.23:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.24:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.25:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.26:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.27:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.28:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.29:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.30:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.31:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.32:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.33:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.34:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.35:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.36:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.2.37:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:*:*:*:*:*:*:*:* (Version <= 0.2.2.38)

OR cpe:/a:torproject:tor:0.2.3:*:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.13:alpha:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.14:alpha:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.15:alpha:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.16:alpha:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.17:beta:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.18:rc:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.19:rc:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.20:rc:*:*:*:*:*:*

OR cpe:/a:torproject:tor:0.2.3.21:rc:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20124922	V	CVE-2012-4922	2022-06-30
oval:org.opensuse.security:def:113538	P	tor-0.2.8.11-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106933	P	tor-0.2.8.11-1.1 on GA media (Moderate)	2021-10-01
oval:com.ubuntu.precise:def:20124922000	V	CVE-2012-4922 on Ubuntu 12.04 LTS (precise) - untriaged.	2012-09-14
oval:com.ubuntu.xenial:def:201249220000000	V	CVE-2012-4922 on Ubuntu 16.04 LTS (xenial) - untriaged.	2012-09-14
oval:com.ubuntu.trusty:def:20124922000	V	CVE-2012-4922 on Ubuntu 14.04 LTS (trusty) - untriaged.	2012-09-14
oval:com.ubuntu.xenial:def:20124922000	V	CVE-2012-4922 on Ubuntu 16.04 LTS (xenial) - untriaged.	2012-09-14