CVE-2007-4098 Information

Description

Tor before 0.1.2.15 does not properly distinguish \streamids from different exits\ which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.

Reference

http://archives.seul.org/or/announce/Jul-2007/msg00000.html http://osvdb.org/46970 http://secunia.com/advisories/26140 http://www.securityfocus.com/bid/25035 http://www.vupen.com/english/advisories/2007/2634