Summary
This host is installed with TOR and is prone to Privilege Escalation vulnerability.
Impact
Successful exploitation will let the attacker gain privileges and escalate the privileges in malicious ways.
Solution
Upgrade to the latest version 0.2.0.32
http://www.torproject.org/download.html.en
Insight
The flaws are due to,
- an application does not properly drop privileges to the primary groups of the user specified by the User Parameter.
- a ClientDNSRejectInternalAddresses configuration option is not always enforced which weaknesses the application security.
Affected
Tor version 0.2.0.31 or prior.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-5397, CVE-2008-5398 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Default password router Zyxel
- ArcaVir AntiVirus Products Privilege Escalation Vulnerability
- VMAX Web Viewer Default Credentials Authentication Bypass Vulnerability
- Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Mac OS X)
- South River Technologies WebDrive Local Privilege Escalation Vulnerability