CVE-2008-5397
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
Tor anterior a v0.2.32 no procesa adecuadamente la configuración de las opciones de (1)usuario (User) y (2) Grupo (group), lo que permitirÃa a usuarios locales obtener privilegios aprovechando la pertenencia a grupos creados por defecto en los procesos de Tor.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-12-08 CVE Reserved
- 2008-12-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://blog.torproject.org/blog/tor-0.2.0.32-released | X_refsource_confirm | |
| http://secunia.com/advisories/34583 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/3366 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47101 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/32648 | 2017-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/33025 | 2017-08-08 | |
| http://security.gentoo.org/glsa/glsa-200904-11.xml | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | <= 0.1.2.31 Search vendor "Tor" for product "Tor" and version " <= 0.1.2.31" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2 Search vendor "Tor" for product "Tor" and version "0.0.2" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre13 Search vendor "Tor" for product "Tor" and version "0.0.2_pre13" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre14 Search vendor "Tor" for product "Tor" and version "0.0.2_pre14" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre15 Search vendor "Tor" for product "Tor" and version "0.0.2_pre15" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre16 Search vendor "Tor" for product "Tor" and version "0.0.2_pre16" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre17 Search vendor "Tor" for product "Tor" and version "0.0.2_pre17" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre18 Search vendor "Tor" for product "Tor" and version "0.0.2_pre18" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre19 Search vendor "Tor" for product "Tor" and version "0.0.2_pre19" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre20 Search vendor "Tor" for product "Tor" and version "0.0.2_pre20" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre21 Search vendor "Tor" for product "Tor" and version "0.0.2_pre21" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre22 Search vendor "Tor" for product "Tor" and version "0.0.2_pre22" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre23 Search vendor "Tor" for product "Tor" and version "0.0.2_pre23" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre24 Search vendor "Tor" for product "Tor" and version "0.0.2_pre24" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre25 Search vendor "Tor" for product "Tor" and version "0.0.2_pre25" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre26 Search vendor "Tor" for product "Tor" and version "0.0.2_pre26" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.2_pre27 Search vendor "Tor" for product "Tor" and version "0.0.2_pre27" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.3 Search vendor "Tor" for product "Tor" and version "0.0.3" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.4 Search vendor "Tor" for product "Tor" and version "0.0.4" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.5 Search vendor "Tor" for product "Tor" and version "0.0.5" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.6 Search vendor "Tor" for product "Tor" and version "0.0.6" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.6.1 Search vendor "Tor" for product "Tor" and version "0.0.6.1" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.6.2 Search vendor "Tor" for product "Tor" and version "0.0.6.2" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.7 Search vendor "Tor" for product "Tor" and version "0.0.7" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.7.1 Search vendor "Tor" for product "Tor" and version "0.0.7.1" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.7.2 Search vendor "Tor" for product "Tor" and version "0.0.7.2" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.7.3 Search vendor "Tor" for product "Tor" and version "0.0.7.3" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.8 Search vendor "Tor" for product "Tor" and version "0.0.8" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.8.1 Search vendor "Tor" for product "Tor" and version "0.0.8.1" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9 Search vendor "Tor" for product "Tor" and version "0.0.9" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.1 Search vendor "Tor" for product "Tor" and version "0.0.9.1" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.2 Search vendor "Tor" for product "Tor" and version "0.0.9.2" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.3 Search vendor "Tor" for product "Tor" and version "0.0.9.3" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.4 Search vendor "Tor" for product "Tor" and version "0.0.9.4" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.5 Search vendor "Tor" for product "Tor" and version "0.0.9.5" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.6 Search vendor "Tor" for product "Tor" and version "0.0.9.6" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.7 Search vendor "Tor" for product "Tor" and version "0.0.9.7" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.8 Search vendor "Tor" for product "Tor" and version "0.0.9.8" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.9 Search vendor "Tor" for product "Tor" and version "0.0.9.9" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.0.9.10 Search vendor "Tor" for product "Tor" and version "0.0.9.10" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.1 Search vendor "Tor" for product "Tor" and version "0.1.0.1" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.2 Search vendor "Tor" for product "Tor" and version "0.1.0.2" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.3 Search vendor "Tor" for product "Tor" and version "0.1.0.3" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.4 Search vendor "Tor" for product "Tor" and version "0.1.0.4" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.5 Search vendor "Tor" for product "Tor" and version "0.1.0.5" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.6 Search vendor "Tor" for product "Tor" and version "0.1.0.6" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.7 Search vendor "Tor" for product "Tor" and version "0.1.0.7" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.8 Search vendor "Tor" for product "Tor" and version "0.1.0.8" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.9 Search vendor "Tor" for product "Tor" and version "0.1.0.9" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.10 Search vendor "Tor" for product "Tor" and version "0.1.0.10" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.11 Search vendor "Tor" for product "Tor" and version "0.1.0.11" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.12 Search vendor "Tor" for product "Tor" and version "0.1.0.12" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.13 Search vendor "Tor" for product "Tor" and version "0.1.0.13" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.14 Search vendor "Tor" for product "Tor" and version "0.1.0.14" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.15 Search vendor "Tor" for product "Tor" and version "0.1.0.15" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.16 Search vendor "Tor" for product "Tor" and version "0.1.0.16" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.17 Search vendor "Tor" for product "Tor" and version "0.1.0.17" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.18 Search vendor "Tor" for product "Tor" and version "0.1.0.18" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.0.19 Search vendor "Tor" for product "Tor" and version "0.1.0.19" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.1 Search vendor "Tor" for product "Tor" and version "0.1.1.1" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.1_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.1_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.2 Search vendor "Tor" for product "Tor" and version "0.1.1.2" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.2_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.2_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.3 Search vendor "Tor" for product "Tor" and version "0.1.1.3" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.3_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.3_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.4 Search vendor "Tor" for product "Tor" and version "0.1.1.4" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.4_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.4_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.5 Search vendor "Tor" for product "Tor" and version "0.1.1.5" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.5_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.5_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.6 Search vendor "Tor" for product "Tor" and version "0.1.1.6" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.6_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.6_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.7 Search vendor "Tor" for product "Tor" and version "0.1.1.7" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.7_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.7_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.8 Search vendor "Tor" for product "Tor" and version "0.1.1.8" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.8_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.8_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.9 Search vendor "Tor" for product "Tor" and version "0.1.1.9" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.9_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.9_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.10 Search vendor "Tor" for product "Tor" and version "0.1.1.10" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.10_alpha Search vendor "Tor" for product "Tor" and version "0.1.1.10_alpha" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.11 Search vendor "Tor" for product "Tor" and version "0.1.1.11" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.12 Search vendor "Tor" for product "Tor" and version "0.1.1.12" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.13 Search vendor "Tor" for product "Tor" and version "0.1.1.13" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.14 Search vendor "Tor" for product "Tor" and version "0.1.1.14" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.15 Search vendor "Tor" for product "Tor" and version "0.1.1.15" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.16 Search vendor "Tor" for product "Tor" and version "0.1.1.16" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.17 Search vendor "Tor" for product "Tor" and version "0.1.1.17" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.18 Search vendor "Tor" for product "Tor" and version "0.1.1.18" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.19 Search vendor "Tor" for product "Tor" and version "0.1.1.19" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.20 Search vendor "Tor" for product "Tor" and version "0.1.1.20" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.21 Search vendor "Tor" for product "Tor" and version "0.1.1.21" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.22 Search vendor "Tor" for product "Tor" and version "0.1.1.22" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.23 Search vendor "Tor" for product "Tor" and version "0.1.1.23" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.1.26 Search vendor "Tor" for product "Tor" and version "0.1.1.26" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.2.1_alpha-cvs Search vendor "Tor" for product "Tor" and version "0.1.2.1_alpha-cvs" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.2.14 Search vendor "Tor" for product "Tor" and version "0.1.2.14" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.2.15 Search vendor "Tor" for product "Tor" and version "0.1.2.15" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.2.17 Search vendor "Tor" for product "Tor" and version "0.1.2.17" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.2.18 Search vendor "Tor" for product "Tor" and version "0.1.2.18" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.2.19 Search vendor "Tor" for product "Tor" and version "0.1.2.19" | - |
Affected
| ||||||
| Tor Search vendor "Tor" | Tor Search vendor "Tor" for product "Tor" | 0.1.2.30 Search vendor "Tor" for product "Tor" and version "0.1.2.30" | - |
Affected
| ||||||