← back
CVE-2008-5397

CVE-2008-5397

EPSS 0.4%
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blog.torproject.org/blog/tor-0.2.0.32-releasedhttp://secunia.com/advisories/33025http://secunia.com/advisories/34583http://security.gentoo.org/glsa/glsa-200904-11.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/47101http://www.securityfocus.com/bid/32648http://www.vupen.com/english/advisories/2008/3366