CVE-2006-3412

Description

Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.

How to fix CVE-2006-3412

To remediate CVE-2006-3412, upgrade the affected package to a fixed version below.

• Debian/tor—upgrade to 0.1.1.20-1 or later

Is CVE-2006-3412 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.1.1.20-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-3412