fkie_nvd - fkie_cve-2008-5397

fkie_cve-2008-5397

Vulnerability from fkie_nvd

Published

2008-12-09 00:30

Modified

2025-04-09 00:30

Severity ?

Summary

Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.

References

URL	Tags
cve@mitre.org	http://blog.torproject.org/blog/tor-0.2.0.32-released
cve@mitre.org	http://secunia.com/advisories/33025	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/34583
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200904-11.xml
cve@mitre.org	http://www.securityfocus.com/bid/32648	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3366
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47101
af854a3a-2127-422b-91ae-364da2661108	http://blog.torproject.org/blog/tor-0.2.0.32-released
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33025	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34583
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200904-11.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32648	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3366
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47101

Impacted products

Vendor	Product	Version
tor	tor	*
tor	tor	0.0.2
tor	tor	0.0.2_pre13
tor	tor	0.0.2_pre14
tor	tor	0.0.2_pre15
tor	tor	0.0.2_pre16
tor	tor	0.0.2_pre17
tor	tor	0.0.2_pre18
tor	tor	0.0.2_pre19
tor	tor	0.0.2_pre20
tor	tor	0.0.2_pre21
tor	tor	0.0.2_pre22
tor	tor	0.0.2_pre23
tor	tor	0.0.2_pre24
tor	tor	0.0.2_pre25
tor	tor	0.0.2_pre26
tor	tor	0.0.2_pre27
tor	tor	0.0.3
tor	tor	0.0.4
tor	tor	0.0.5
tor	tor	0.0.6
tor	tor	0.0.6.1
tor	tor	0.0.6.2
tor	tor	0.0.7
tor	tor	0.0.7.1
tor	tor	0.0.7.2
tor	tor	0.0.7.3
tor	tor	0.0.8
tor	tor	0.0.8.1
tor	tor	0.0.9
tor	tor	0.0.9.1
tor	tor	0.0.9.2
tor	tor	0.0.9.3
tor	tor	0.0.9.4
tor	tor	0.0.9.5
tor	tor	0.0.9.6
tor	tor	0.0.9.7
tor	tor	0.0.9.8
tor	tor	0.0.9.9
tor	tor	0.0.9.10
tor	tor	0.1.0.1
tor	tor	0.1.0.2
tor	tor	0.1.0.3
tor	tor	0.1.0.4
tor	tor	0.1.0.5
tor	tor	0.1.0.6
tor	tor	0.1.0.7
tor	tor	0.1.0.8
tor	tor	0.1.0.9
tor	tor	0.1.0.10
tor	tor	0.1.0.11
tor	tor	0.1.0.12
tor	tor	0.1.0.13
tor	tor	0.1.0.14
tor	tor	0.1.0.15
tor	tor	0.1.0.16
tor	tor	0.1.0.17
tor	tor	0.1.0.18
tor	tor	0.1.0.19
tor	tor	0.1.1.1
tor	tor	0.1.1.1_alpha
tor	tor	0.1.1.2
tor	tor	0.1.1.2_alpha
tor	tor	0.1.1.3
tor	tor	0.1.1.3_alpha
tor	tor	0.1.1.4
tor	tor	0.1.1.4_alpha
tor	tor	0.1.1.5
tor	tor	0.1.1.5_alpha
tor	tor	0.1.1.6
tor	tor	0.1.1.6_alpha
tor	tor	0.1.1.7
tor	tor	0.1.1.7_alpha
tor	tor	0.1.1.8
tor	tor	0.1.1.8_alpha
tor	tor	0.1.1.9
tor	tor	0.1.1.9_alpha
tor	tor	0.1.1.10
tor	tor	0.1.1.10_alpha
tor	tor	0.1.1.11
tor	tor	0.1.1.12
tor	tor	0.1.1.13
tor	tor	0.1.1.14
tor	tor	0.1.1.15
tor	tor	0.1.1.16
tor	tor	0.1.1.17
tor	tor	0.1.1.18
tor	tor	0.1.1.19
tor	tor	0.1.1.20
tor	tor	0.1.1.21
tor	tor	0.1.1.22
tor	tor	0.1.1.23
tor	tor	0.1.1.26
tor	tor	0.1.2.1_alpha-cvs
tor	tor	0.1.2.14
tor	tor	0.1.2.15
tor	tor	0.1.2.17
tor	tor	0.1.2.18
tor	tor	0.1.2.19
tor	tor	0.1.2.30

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB84ADB5-01EA-4ECF-B36E-9CE54E8309C0",
              "versionEndIncluding": "0.1.2.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD529C5A-D6E8-4FFD-B552-B91A9BD409F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4490AC9B-E8D8-4C97-866B-AB76AB2536F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DBA48C9-C0CA-41C8-BDD3-0E69ED7AAC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8970D3-4C0B-4B6F-BEB4-08FF20FAEBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2A2B60-8D31-4B59-8407-9CE62709906A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDE02B1D-AA25-4364-8E54-583A0304FA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE3AB095-3F57-4922-BC12-0842FA158555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F066E4A3-BE6F-4FF7-AE7A-C8E3A33D7197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*",
              "matchCriteriaId": "811FD436-8BD2-463A-8072-A915FFCA33C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F107CD-7334-4D9D-AEFF-FA5F8DE72576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EB2211-D97D-47EF-94D1-01E7A3879BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*",
              "matchCriteriaId": "28DC8889-4E65-46D0-AA68-6390757862D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4C7373-82F1-49E6-90D6-7A02AC52F255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3D847A-D8F1-40CE-AE33-A397654C55B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B3A2CE6-F8DE-4B8A-BEEA-6732E4342792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9238A5E-28EA-405A-8CF9-7410CB2CA6EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7301BA35-2522-4144-83C2-6A3A6D329A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "37993416-D81F-4F6B-AB2C-16F351BE68D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "295C826F-CBEB-4BA2-A760-22D58D231BBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D230B213-4A35-488F-A4B5-87F77BD65E5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF88062-8726-4C1D-8F93-ABA0B1654656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A710565-6960-4D46-A1EB-86FE0927A66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F6C954-7C0A-41E5-9719-26082E40C5E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43784D06-2D2A-46D1-ADE2-B947B3F10F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "196BF37C-CD62-4D4C-A716-827B0E6A5065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20076B65-48E6-4DA2-BDA1-AC4F904B449D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A2CCAD-397B-4037-B99B-F0A622FAF8D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50E74056-DD32-49E6-808A-5A9B755F1DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2103A8-0F3F-4226-A5D8-4BF239FD6636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDA35257-80F6-4DDF-94EF-ABE1ED039ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0490AB18-A839-400D-88E2-D918B1EEFA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBED980F-A8B9-4C44-957C-FD18867B1799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E033E0C-C7F6-4910-A795-28BA60E9431A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AAAACA5-F431-4D83-B04D-EC9A81C96184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D5B46C-E7D3-495F-861C-12324F09EC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "639E3063-34CC-4AE2-B055-92D36ECAADF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5305AF8-E26C-44A1-B546-AAC5D1C2D053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "48DCAB29-4EF2-4A50-A941-DA5D89E27D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "33928D26-39DF-4E15-9979-F9484913C219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A8F70D6-4B9C-4131-A419-4AD9325DFFC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B8A291-E1F7-444F-8C5B-C3C38541B3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24581D9F-02AF-42E6-A3D7-9CAD43E26477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B978E3E-69D7-46BD-BD88-1409A546FF66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7FED829-128A-4F87-9838-AD0C9C11E458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A39B543-5978-46FC-AF85-D635D87E3B92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE0BE0D-F509-4A91-BDD7-A0A8324498D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "803498D9-C750-4D16-8ADF-2F98E71888A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "65F6A78C-76E9-4A5F-92BD-B16D1CBE934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04309D4-FEA8-47EA-BB9A-8CBD341B475F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8607F3C9-F185-4B87-8A1B-B9495A4F244D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "525A0E09-D4CF-42AA-8EB2-47E0E6CBA179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "667201BB-5FDA-4E51-B865-0AF8507DBCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BA7280-1DF3-4A98-AFD2-C67406A32EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D70542A1-34B3-4EBF-BAA7-6B009CCFD22C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2DADBB-D90B-4B9D-B9DA-65AC39C61043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB01B6B6-66C3-443B-BA3D-0DB17BDCC0BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E6BA17-6AE9-45ED-A8C3-F79463F427BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C7D396C-36CA-4579-BCA0-672440CB5CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5662F3D8-754D-43E3-8EE0-3DF4B0180E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "811CE708-CEE6-4B0F-98E5-E138C06EA382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0F837E-12E5-4332-9823-8B1F764042E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "6860F802-FEC2-449A-A5FC-AFACCA8633CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF80379-BD68-4E3B-A7CC-57B51619A0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4CA23F0-7C49-430E-AD20-7C7BDCC1EEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "57DAA48C-4B3B-4665-87AB-38ACFD6C757C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D9E677-01D2-4800-82AA-F5585475D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CF2822-88B6-41F2-B10A-A8B09B27245D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C589D4F-60B3-450B-860A-9975BB47BBE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B300C56E-7DF5-4B24-84D1-A4732515325E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.6_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA331167-6A2F-402F-A28F-9EE7B6F20207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "13846571-C84A-43D6-9970-444E6B4DB0C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.7_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42AB6B3-7BD8-4B55-B269-DCA664A25FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "35EB5E0E-EAF1-41C1-808D-BD1ABDE8110D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.8_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4740B10-EFB8-4F79-88C1-9B6F5897A71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D881C4-0302-44E9-A3C5-A23EFD681B5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.9_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CA7556-D132-4E81-8E13-C7E025AF20AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8219F1A-D6F5-4D6E-B10D-4C455073520C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.10_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "D224FA8D-4C5A-48BE-92F2-1EC57782046D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB37BCB-63F0-4CC7-B98D-7048D3E18BEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB701014-7980-4BBE-8BD9-3FD2A0AF6941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68C31D4-9478-4EB6-B160-E9970ADA785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "872F7B10-30EA-4945-99BC-9EC1C09D6D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBC3EFD-7F03-4DC1-988C-22007216F9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7898C5-9450-41FD-B45D-7504D97B4CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A247E8-F22B-4639-96D2-9BC01C904D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1233504-041A-454E-9F2E-6E2A4207879D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC39C113-6A7B-4152-8EBA-87A2B64D0F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "342D2B8A-A832-4CAB-9389-93764B0DE241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D44F099-7BC3-45C4-9DB3-03A7E40BC548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A79A0CD-7B81-417E-8DE3-0D61006003FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F0A70AA-931A-4906-B4AD-D56E90683716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB51EE46-D720-4C1F-8992-67F4422E43CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs:*:*:*:*:*:*:*",
              "matchCriteriaId": "197BFA5D-8C65-4F59-B4A0-B6AB7B11EC07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFC7477A-5DDA-42A6-828E-A818CCF208B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "963FD695-512A-45A8-A60D-887D93FBBD1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "65ABF89E-4814-44D3-A1AD-3B7A4F876A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "96F69A35-225C-41FF-A32B-AE53096516EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B218F1A-C04D-40B3-A6BE-86DA04E47D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D575EF-37BA-4E69-BDD2-B99680D2CEC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process."
    },
    {
      "lang": "es",
      "value": "Tor anterior a v0.2.32 no procesa adecuadamente la configuraci\u00f3n de las opciones de (1)usuario (User) y (2) Grupo (group), lo que permitir\u00eda a usuarios locales obtener privilegios aprovechando la pertenencia a grupos creados por defecto en los procesos de Tor."
    }
  ],
  "id": "CVE-2008-5397",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-09T00:30:00.567",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.torproject.org/blog/tor-0.2.0.32-released"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33025"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34583"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200904-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/32648"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3366"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.torproject.org/blog/tor-0.2.0.32-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200904-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/32648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47101"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-5397 (GCVE-0-2008-5397)

Vulnerability from cvelistv5

Published

2008-12-09 00:00