oss-sec mailing list archives
Re: CVE Request - tor
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 16 Dec 2008 21:31:38 -0500 (EST)
======================================================
Name: CVE-2008-5397
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397
Reference: CONFIRM:http://blog.torproject.org/blog/tor-0.2.0.32-released
Reference: BID:32648
Reference: URL:http://www.securityfocus.com/bid/32648
Reference: SECUNIA:33025
Reference: URL:http://secunia.com/advisories/33025
Reference: XF:tor-user-privilege-escalation(47101)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47101

Tor before 0.2.0.32 does not properly process the (1) User and (2)
Group configuration options, which might allow local users to gain
privileges by leveraging unintended supplementary group memberships of
the Tor process.

======================================================
Name: CVE-2008-5398
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5398
Reference: CONFIRM:http://blog.torproject.org/blog/tor-0.2.0.32-released
Reference: BID:32648
Reference: URL:http://www.securityfocus.com/bid/32648
Reference: SECUNIA:33025
Reference: URL:http://secunia.com/advisories/33025
Reference: XF:tor-clientdnsreject-security-bypass(47102)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47102

Tor before 0.2.0.32 does not properly process the
ClientDNSRejectInternalAddresses configuration option in situations
where an exit relay issues a policy-based refusal of a stream, which
allows remote exit relays to have an unknown impact by mapping an
internal IP address to the destination hostname of a refused stream.
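
CVE-2008-5397 above concerns a daemon that changes user and group but still holds supplementary groups it was not meant to have. The following C code is an added example, not part of the original message and not Tor's code (the page does not show how Tor's handling failed): it drops root privileges with the supplementary list replaced first, then audits the result. All function names and the gid values 0, 4 and 110 are constructed for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Count entries in a group list that are not the one intended gid. */
int count_unintended_groups(const gid_t *groups, int n, gid_t intended)
{
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != intended) extra++;
    return extra;
}

/* Audit the calling process: -1 on error, else number of unintended groups. */
int audit_supplementary_groups(gid_t intended)
{
    int n = getgroups(0, NULL);             /* size 0: ask for the list length */
    if (n < 0) return -1;
    gid_t *list = calloc((size_t)n + 1, sizeof *list);
    if (list == NULL) return -1;
    n = getgroups(n, list);
    int extra = (n < 0) ? -1 : count_unintended_groups(list, n, intended);
    free(list);
    return extra;
}

/* Hardened drop from root to uid/gid. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Weak pattern: setgid()+setuid() alone keep the parent's supplementary groups. */
    if (setgroups(1, &gid) != 0) return -1; /* replace the list while still root */
    if (setgid(gid) != 0) return -1;        /* group before user */
    if (setuid(uid) != 0) return -1;        /* irreversible for a root caller */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) return -1;
    if (audit_supplementary_groups(gid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must be unreachable */
    return 0;
}

int main(void)
{
    gid_t leaked[] = { 0, 4, 110 };         /* constructed: meant to hold only gid 110 */
    printf("constructed list: %d unintended\n", count_unintended_groups(leaked, 3, 110));
    printf("this process: %d unintended\n", audit_supplementary_groups(getgid()));
    return 0;
}
```

`drop_privileges()` fails with -1 when the caller is not root, because `setgroups()` needs that privilege; a daemon should treat that return as fatal and exit.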