Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'TOR'
2017-07-23
CVE-2017-11565
CWE-noinfo
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).
>>>
Vendor:
Debian
97
Products
Qpopper
Debian linux
Netkit
Cfingerd
TIN
Horde
Elvis tiny
Sgml-tools
Netstd
Internet message
Mailscanner
Mime-support
FSP
Strongswan
Lintian
Shadow-utils
Debmake
Tetex-bin
Sympa
DPKG
Bsmtpd
Toolchain-source
PPXP
Reportbug
Turba
Apt-cacher
FUSE
TOR
Apt-setup
Backupninja
Kernel-patch-vserver
Libmail-audit-perl
Amaya
Base-config
Apache
GFAX
Debian-goodies
Reprepro
Duplicity
Guilt
UNP
Apt-listchanges
TSS
Aptlinex
Projectl
Honeyd common
Citadel server
Python-dns
Xsabre
FETA
Dpkg-cross
Myspell
Newsgate
Initramfs-tools
Os-prober
LTP
Shadow
Horde imp
Horde groupware
Nss-ldap
APT
Libdbd-pg-perl
Devscripts
Mono-debugger
Tex-common
Apache2
Texlive-extra-utils
Php5-common
Logol
Devotee
Cifs-utils
Trousers
Bsdmainutils
LATD
Txt2man
Adequate
Localepurge
Syncevolution
Axiom
Advanced package tool
Ppthtml
Xbuffy
Dpkg-dev
Kde4libs
Python-imaging
Exuberant ctags
Hivex
Dbd-firebird
Unattended-upgrades
Xbindkeys-config
Ftpsync
Postgresql-common
Devscript
Crossroads
Tmpreaper
Debian-lan-config
PERM
Copyright
2024
, cxsecurity.com
Back to Top