ID de Prueba:	1.3.6.1.4.1.25623.1.0.900424
Categoría:	Privilege escalation
Título:	TOR Privilege Escalation Vulnerability - Linux
Resumen:	TOR is prone to a privilege escalation vulnerability.
Descripción:	Summary: TOR is prone to a privilege escalation vulnerability. Vulnerability Insight: The flaws are due to: - an application does not properly drop privileges to the primary groups of the user specified by the User Parameter. - a ClientDNSRejectInternalAddresses configuration option is not always enforced which weaknesses the application security. Vulnerability Impact: Successful exploitation will let the attacker gain privileges and escalate the privileges in malicious ways. Affected Software/OS: Tor version 0.2.0.31 or prior. Solution: Upgrade to the latest version 0.2.0.32. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5397 BugTraq ID: 32648 http://www.securityfocus.com/bid/32648 http://security.gentoo.org/glsa/glsa-200904-11.xml http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://www.vupen.com/english/advisories/2008/3366 XForce ISS Database: tor-user-privilege-escalation(47101) https://exchange.xforce.ibmcloud.com/vulnerabilities/47101 Common Vulnerability Exposure (CVE) ID: CVE-2008-5398 XForce ISS Database: tor-clientdnsreject-security-bypass(47102) https://exchange.xforce.ibmcloud.com/vulnerabilities/47102
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.