Vulnerability Description
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tor | Tor | <= 0.1.2.31 |
Related Weaknesses (CWE)
References
- http://blog.torproject.org/blog/tor-0.2.0.32-released
- http://secunia.com/advisories/33025Vendor Advisory
- http://secunia.com/advisories/34583
- http://security.gentoo.org/glsa/glsa-200904-11.xml
- http://www.securityfocus.com/bid/32648Patch
- http://www.vupen.com/english/advisories/2008/3366
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47101
- http://blog.torproject.org/blog/tor-0.2.0.32-released
- http://secunia.com/advisories/33025Vendor Advisory
- http://secunia.com/advisories/34583
- http://security.gentoo.org/glsa/glsa-200904-11.xml
- http://www.securityfocus.com/bid/32648Patch
- http://www.vupen.com/english/advisories/2008/3366
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47101
FAQ
What is CVE-2008-5397?
CVE-2008-5397 is a vulnerability with a CVSS score of 7.2 (HIGH). Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group membership...
How severe is CVE-2008-5397?
CVE-2008-5397 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5397?
Check the references section above for vendor advisories and patch information. Affected products include: Tor Tor.