CVE-2008-5397
EPSS 0.04%
Description
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
How to fix CVE-2008-5397
To remediate CVE-2008-5397, upgrade the affected package to a fixed version below.
- Debian/tor—upgrade to 0.2.0.32-1 or later
Is CVE-2008-5397 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.2.0.32-1