Vulnerability Description
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tor | Tor | <= 0.1.2.31 |
References
- http://blog.torproject.org/blog/tor-0.2.0.32-released (Patch)
- http://secunia.com/advisories/33025 (Vendor Advisory)
- http://secunia.com/advisories/34583
- http://security.gentoo.org/glsa/glsa-200904-11.xml
- http://www.securityfocus.com/bid/32648 (Patch)
- http://www.vupen.com/english/advisories/2008/3366
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47102
FAQ
What is CVE-2008-5398?
CVE-2008-5398 is a vulnerability with a CVSS score of 9.3 (HIGH). Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote...
How severe is CVE-2008-5398?
CVE-2008-5398 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5398?
Check the references section above for vendor advisories and patch information. Affected products include: Tor Tor.