7.2
CVE-2008-5397
- EPSS 0.36%
- Veröffentlicht 09.12.2008 00:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.274 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://blog.torproject.org/blog/tor-0.2.0.32-released
http://secunia.com/advisories/33025
http://secunia.com/advisories/34583
http://security.gentoo.org/glsa/glsa-200904-11.xml
http://www.securityfocus.com/bid/32648
http://www.vupen.com/english/advisories/2008/3366
https://exchange.xforce.ibmcloud.com/vulnerabilities/47101