Red Hat Bugzilla – Bug 475454
CVE-2008-5398 tor: does not properly process the ClientDNSRejectInternalAddresses configuration option
Last modified: 2008-12-09 05:23:20 EST
Common Vulnerabilities and Exposures assigned the identifier CVE-2008-5398 to
the following vulnerability:
Patch from ravv:
Backport of R17135 against 0-2-0: https://svn.torproject.org/cgi-bin/viewcvs.cgi?rev=17342&view=rev
Original R17135: https://svn.torproject.org/cgi-bin/viewcvs.cgi?rev=17135&view=rev
This issue affects all versions of the tor package, as shipped
with Fedora releases 8, 9 and 10.
Please upgrade to the latest upstream packages or apply the above patch.
CVE description missing in comment #0:
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.
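The check the CVE description implies, as an added C example that is not taken from this bug report or from Tor's source: every path that learns a hostname-to-address mapping from an exit relay, including a policy-based refusal, goes through one gate that honours ClientDNSRejectInternalAddresses. The struct, the function names, the internal-range list and the sample addresses are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical client state for this example; not Tor's data structures. */
struct client {
    bool reject_internal;  /* models ClientDNSRejectInternalAddresses */
    bool has_mapping;      /* a hostname -> address mapping is cached */
    uint32_t cached_addr;  /* host byte order */
};

static uint32_t ipv4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* Assumed range list: 0/8, 10/8, 127/8, 169.254/16, 172.16/12, 192.168/16. */
static bool is_internal_ipv4(uint32_t a)
{
    uint32_t top = a >> 24;
    return top == 0 || top == 10 || top == 127 ||
           (a >> 16) == 0xA9FE || (a >> 20) == 0xAC1 || (a >> 16) == 0xC0A8;
}

/* Single gate for every relay-supplied address, whatever cell carried it. */
static bool learn_mapping(struct client *cl, uint32_t addr)
{
    if (cl->reject_internal && is_internal_ipv4(addr))
        return false;              /* discard; keep any existing mapping */
    cl->cached_addr = addr;
    cl->has_mapping = true;
    return true;
}

/* Path 1: the relay answers a name resolution request. */
static bool on_resolved(struct client *cl, uint32_t addr) { return learn_mapping(cl, addr); }

/* Path 2: the relay refuses the stream by policy and reports an address for
 * the destination hostname. The CVE is about the option not being honoured here. */
static bool on_exit_policy_refusal(struct client *cl, uint32_t addr) { return learn_mapping(cl, addr); }

int main(void)
{
    struct client cl = { true, false, 0 };   /* option enabled */
    printf("refusal, 192.168.1.1 accepted: %d\n", on_exit_policy_refusal(&cl, ipv4(192, 168, 1, 1)));
    printf("resolved, 203.0.113.5 accepted: %d\n", on_resolved(&cl, ipv4(203, 0, 113, 5)));
    return 0;
}
```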
All current Fedora versions are already updated to upstream version 0.2.0.23: