Vulnerability Details : CVE-2008-5397

Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.

Published 2008-12-09 00:30:01

Updated 2017-08-08 01:33:18

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-5397

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5397

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	[email protected]
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5397

CWE-264

Assigned by: [email protected] (Primary)

References for CVE-2008-5397

Products affected by CVE-2008-5397

TOR » TOR
Versions up to, including, (<=) 0.1.2.31
cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.1
cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.2
cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.9
cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.5
cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.6
cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.3
cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.4
cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9
cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.7
cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.8
cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.1
cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.4
cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.5
cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.10
cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.11
cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.6
cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.7
cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.12
cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.13
cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.8
cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.9
cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.1 Alpha
cpe:2.3:a:tor:tor:0.1.1.1_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.4 Alpha
cpe:2.3:a:tor:tor:0.1.1.4_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.2
cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.3
cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.2 Alpha
cpe:2.3:a:tor:tor:0.1.1.2_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.3 Alpha
cpe:2.3:a:tor:tor:0.1.1.3_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre13
cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre14
cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre22
cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre23
cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.5
cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.6
cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.8
cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.8.1
cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.14
cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.15
cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.5 Alpha
cpe:2.3:a:tor:tor:0.1.1.5_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.6 Alpha
cpe:2.3:a:tor:tor:0.1.1.6_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre15
cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre16
cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre24
cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre25
cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.6.1
cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.6.2
cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.9.10
cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2
cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre20
cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre21
cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.3
cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.4
cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.7.2
cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.7.3
cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.16
cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.17
cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.7 Alpha
cpe:2.3:a:tor:tor:0.1.1.7_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.8 Alpha
cpe:2.3:a:tor:tor:0.1.1.8_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre17
cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre18
cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre19
cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre26
cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.2 Pre27
cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.7
cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.0.7.1
cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.10 Alpha
cpe:2.3:a:tor:tor:0.1.1.10_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.9 Alpha
cpe:2.3:a:tor:tor:0.1.1.9_alpha:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.19
cpe:2.3:a:tor:tor:0.1.0.19:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.0.18
cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.14
cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.15
cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.22
cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.3
cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.12
cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.13
cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.20
cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.21
cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.8
cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.9
cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.1
cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.16
cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.17
cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.18
cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.4
cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.5
cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.10
cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.11
cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.19
cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.2
cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.6
cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.7
cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.26
cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.1.23
cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.2.1 Alpha-cvs
cpe:2.3:a:tor:tor:0.1.2.1_alpha-cvs:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.2.14
cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.2.19
cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.2.30
cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.2.15
cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.2.17
cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*
Matching versions
TOR » TOR » Version: 0.1.2.18
cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*
Matching versions