Message-ID: <Pine.GSO.4.51.0812162131200.5724@faron.mitre.org>
Date: Tue, 16 Dec 2008 21:31:38 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security <oss-security@...ts.openwall.com>
cc: coley@...re.org
Subject: Re: CVE Request - tor

======================================================
Name: CVE-2008-5397
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397
Reference: CONFIRM:http://blog.torproject.org/blog/tor-0.2.0.32-released
Reference: BID:32648
Reference: URL:http://www.securityfocus.com/bid/32648
Reference: SECUNIA:33025
Reference: URL:http://secunia.com/advisories/33025
Reference: XF:tor-user-privilege-escalation(47101)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47101

Tor before 0.2.0.32 does not properly process the (1) User and (2)
Group configuration options, which might allow local users to gain
privileges by leveraging unintended supplementary group memberships of
the Tor process.

======================================================
Name: CVE-2008-5398
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5398
Reference: CONFIRM:http://blog.torproject.org/blog/tor-0.2.0.32-released
Reference: BID:32648
Reference: URL:http://www.securityfocus.com/bid/32648
Reference: SECUNIA:33025
Reference: URL:http://secunia.com/advisories/33025
Reference: XF:tor-clientdnsreject-security-bypass(47102)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47102

Tor before 0.2.0.32 does not properly process the
ClientDNSRejectInternalAddresses configuration option in situations
where an exit relay issues a policy-based refusal of a stream, which
allows remote exit relays to have an unknown impact by mapping an
internal IP address to the destination hostname of a refused stream.
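
A check for the condition CVE-2008-5397 describes (a daemon still holding supplementary groups it was not meant to have), as an added example that is not part of the original message and not Tor's code. It assumes the Linux /proc/<pid>/status layout with its "Groups:" line; the function name unexpected_groups, the sample text and the numeric IDs are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed /proc/<pid>/status excerpt for a daemon meant to run as
 * uid 107 / gid 114 (made-up IDs); GIDs 0 and 4 are leftovers. */
static const char SAMPLE_STATUS[] =
    "Name:\ttor\n"
    "Uid:\t107\t107\t107\t107\n"
    "Gid:\t114\t114\t114\t114\n"
    "Groups:\t0 4 114 \n";

/* Copy every GID on the "Groups:" line that is not in allowed[] into out[]
 * (up to out_cap). Returns how many were found, or -1 if the line is absent. */
int unexpected_groups(const char *status, const gid_t *allowed, size_t n_allowed,
                      gid_t *out, size_t out_cap)
{
    const char *p = status;
    int found = 0;
    while (p && strncmp(p, "Groups:", 7) != 0) {  /* key must start a line */
        p = strchr(p, '\n');
        if (p) p++;
    }
    if (!p) return -1;
    p += 7;
    for (;;) {
        while (*p == ' ' || *p == '\t') p++;
        if (!isdigit((unsigned char)*p)) break;   /* end of this line */
        char *end;
        gid_t gid = (gid_t)strtoul(p, &end, 10);
        p = end;
        size_t i = 0;
        while (i < n_allowed && allowed[i] != gid) i++;
        if (i == n_allowed) {                     /* not on the allow-list */
            if ((size_t)found < out_cap) out[found] = gid;
            found++;
        }
    }
    return found;
}

int main(void)
{
    gid_t allowed[] = { 114 }, bad[16];
    int n = unexpected_groups(SAMPLE_STATUS, allowed, 1, bad, 16);
    printf("%d unexpected supplementary group(s)\n", n);
    return n > 0;
}
```

To audit a live process, read its /proc/<pid>/status into a buffer and pass that in place of SAMPLE_STATUS, with allowed[] set to the groups the configured account is supposed to hold.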