Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5398

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-5398
Last Modified 07 Mar 2011 10:14:31
Published 08 Dec 2008 07:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5398

Summary

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.

Vulnerable Systems

Application

  • Tor 0.0.2

  • Tor 0.0.2 Pre13

  • Tor 0.0.2 Pre14

  • Tor 0.0.2 Pre15

  • Tor 0.0.2 Pre16

  • Tor 0.0.2 Pre17

  • Tor 0.0.2 Pre18

  • Tor 0.0.2 Pre19

  • Tor 0.0.2 Pre20

  • Tor 0.0.2 Pre21

  • Tor 0.0.2 Pre22

  • Tor 0.0.2 Pre23

  • Tor 0.0.2 Pre24

  • Tor 0.0.2 Pre25

  • Tor 0.0.2 Pre26

  • Tor 0.0.2 Pre27

  • Tor 0.0.3

  • Tor 0.0.4

  • Tor 0.0.5

  • Tor 0.0.6

  • Tor 0.0.6.1

  • Tor 0.0.6.2

  • Tor 0.0.7

  • Tor 0.0.7.1

  • Tor 0.0.7.2

  • Tor 0.0.7.3

  • Tor 0.0.8

  • Tor 0.0.8.1

  • Tor 0.0.9

  • Tor 0.0.9.1

  • Tor 0.0.9.10

  • Tor 0.0.9.2

  • Tor 0.0.9.3

  • Tor 0.0.9.4

  • Tor 0.0.9.5

  • Tor 0.0.9.6

  • Tor 0.0.9.7

  • Tor 0.0.9.8

  • Tor 0.0.9.9

  • Tor 0.1.0.1

  • Tor 0.1.0.10

  • Tor 0.1.0.11

  • Tor 0.1.0.12

  • Tor 0.1.0.13

  • Tor 0.1.0.14

  • Tor 0.1.0.15

  • Tor 0.1.0.16

  • Tor 0.1.0.17

  • Tor 0.1.0.18

  • Tor 0.1.0.19

  • Tor 0.1.0.2

  • Tor 0.1.0.3

  • Tor 0.1.0.4

  • Tor 0.1.0.5

  • Tor 0.1.0.6

  • Tor 0.1.0.7

  • Tor 0.1.0.8

  • Tor 0.1.0.9

  • Tor 0.1.1.1

  • Tor 0.1.1.1 Alpha

  • Tor 0.1.1.10

  • Tor 0.1.1.10 Alpha

  • Tor 0.1.1.11

  • Tor 0.1.1.12

  • Tor 0.1.1.13

  • Tor 0.1.1.14

  • Tor 0.1.1.15

  • Tor 0.1.1.16

  • Tor 0.1.1.17

  • Tor 0.1.1.18

  • Tor 0.1.1.19

  • Tor 0.1.1.2

  • Tor 0.1.1.2 Alpha

  • Tor 0.1.1.20

  • Tor 0.1.1.21

  • Tor 0.1.1.22

  • Tor 0.1.1.23

  • Tor 0.1.1.26

  • Tor 0.1.1.3

  • Tor 0.1.1.3 Alpha

  • Tor 0.1.1.4

  • Tor 0.1.1.4 Alpha

  • Tor 0.1.1.5

  • Tor 0.1.1.5 Alpha

  • Tor 0.1.1.6

  • Tor 0.1.1.6 Alpha

  • Tor 0.1.1.7

  • Tor 0.1.1.7 Alpha

  • Tor 0.1.1.8

  • Tor 0.1.1.8 Alpha

  • Tor 0.1.1.9

  • Tor 0.1.1.9 Alpha

  • Tor 0.1.2.1 Alpha-cvs

  • Tor 0.1.2.14

  • Tor 0.1.2.15

  • Tor 0.1.2.17

  • Tor 0.1.2.18

  • Tor 0.1.2.19

  • Tor 0.1.2.30

  • Tor 0.1.2.31


References

BID - 32648

CONFIRM - http://blog.torproject.org/blog/tor-0.2.0.32-released

XF - tor-clientdnsreject-security-bypass(47102)

VUPEN - ADV-2008-3366

GENTOO - GLSA-200904-11

SECUNIA - 34583

SECUNIA - 33025


Last Updated: 27 May 2016 10:48:48