Test ID:	1.3.6.1.4.1.25623.1.0.900424
Category:	Privilege escalation
Title:	TOR Privilege Escalation Vulnerability - Linux
Summary:	TOR is prone to a privilege escalation vulnerability.
Description:	Summary: TOR is prone to a privilege escalation vulnerability. Vulnerability Insight: The flaws are due to: - an application does not properly drop privileges to the primary groups of the user specified by the User Parameter. - a ClientDNSRejectInternalAddresses configuration option is not always enforced which weaknesses the application security. Vulnerability Impact: Successful exploitation will let the attacker gain privileges and escalate the privileges in malicious ways. Affected Software/OS: Tor version 0.2.0.31 or prior. Solution: Upgrade to the latest version 0.2.0.32. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5397 BugTraq ID: 32648 http://www.securityfocus.com/bid/32648 http://security.gentoo.org/glsa/glsa-200904-11.xml http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://www.vupen.com/english/advisories/2008/3366 XForce ISS Database: tor-user-privilege-escalation(47101) https://exchange.xforce.ibmcloud.com/vulnerabilities/47101 Common Vulnerability Exposure (CVE) ID: CVE-2008-5398 XForce ISS Database: tor-clientdnsreject-security-bypass(47102) https://exchange.xforce.ibmcloud.com/vulnerabilities/47102
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.