CVE-2008-5397 Information

Description

Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.

Reference

http://blog.torproject.org/blog/tor-0.2.0.32-released http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/32648 http://www.vupen.com/english/advisories/2008/3366 https://exchange.xforce.ibmcloud.com/vulnerabilities/47101