CVE-2008-5397 — TOR vulnerability

CWE-2647 documents7 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 86.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Torproject TOR TOR

Timeline

PublishedDec 9

Latest updateMay 17

Description

Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶Debiantorproject/tor< 0.2.0.32-1+3

▶NVDtor/tor0.1.2.31+99

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-f53f-xhf2-gxr5: Tor before 0↗2022-05-17

▶

OSV

CVE-2008-5397: Tor before 0↗2008-12-09

▶

CVEList

CVE-2008-5397: Tor before 0↗2008-12-09

▶

📋Vendor Advisories

Red Hat

tor: does not properly process User/Group configuration options (privilege escalation)↗2008-12-04

▶

Debian

CVE-2008-5397: tor - Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configu...↗2008

▶

💬Community

Bugzilla

CVE-2008-5397 tor: does not properly process User/Group configuration options (privilege escalation)↗2008-12-09

▶