Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.900423
Kategorie:Privilege escalation
Titel:TOR Privilege Escalation Vulnerability (Windows)
Zusammenfassung:This host is installed with TOR and is prone to Privilege; Escalation vulnerability.
Beschreibung:Summary:
This host is installed with TOR and is prone to Privilege
Escalation vulnerability.

Vulnerability Insight:
The flaws are due to

- an application does not properly drop privileges to the primary groups of
the user specified by the User Parameter.

- a ClientDNSRejectInternalAddresses configuration option is not always
enforced which weaknesses the application security.

Vulnerability Impact:
Successful exploitation will let the attacker gain privileges and escalate
the privileges in malicious ways.

Affected Software/OS:
Tor version 0.2.0.31 or prior.

Solution:
Upgrade to the latest version 0.2.0.32.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 32648
Common Vulnerability Exposure (CVE) ID: CVE-2008-5397
http://www.securityfocus.com/bid/32648
http://security.gentoo.org/glsa/glsa-200904-11.xml
http://secunia.com/advisories/33025
http://secunia.com/advisories/34583
http://www.vupen.com/english/advisories/2008/3366
XForce ISS Database: tor-user-privilege-escalation(47101)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47101
Common Vulnerability Exposure (CVE) ID: CVE-2008-5398
XForce ISS Database: tor-clientdnsreject-security-bypass(47102)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47102
CopyrightCopyright (C) 2008 SecPod

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.