ID

VAR-200903-0003


CVE

CVE-2007-6722


TITLE

Vidalia bundle Access restriction bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-001440

DESCRIPTION

Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server. Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values. These issues affect versions prior to TorK 0.22. TorK is a powerful anonymity management tool for the KDE desktop. It lets users browse the web anonymously through a browser, send anonymous email over the MixMinion network, use ssh, IRC chat tools and instant messaging tools anonymously, and control and monitor anonymous traffic on the Tor network.

Trust: 1.98

sources: NVD: CVE-2007-6722 // JVNDB: JVNDB-2009-001440 // BID: 26386 // VULHUB: VHN-30084

AFFECTED PRODUCTS

vendor: vidalia, model: bundle, scope: lte, version: 0.1.2.17

Trust: 1.0

vendor: vidalia, model: vidalia, scope: lt, version: 0.1.2.18

Trust: 0.8

vendor: vidalia, model: bundle, scope: eq, version: 0.1.2.17

Trust: 0.6

vendor: tork, model: tork, scope: eq, version: 0.21

Trust: 0.3

vendor: tor, model: vidalia, scope: eq, version: 0

Trust: 0.3

vendor: tork, model: tork, scope: ne, version: 0.22

Trust: 0.3

vendor: tor, model: vidalia, scope: ne, version: 0.1.2.18

Trust: 0.3

sources: BID: 26386 // JVNDB: JVNDB-2009-001440 // CNNVD: CNNVD-200903-529 // NVD: CVE-2007-6722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-6722
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-6722
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200903-529
value: MEDIUM

Trust: 0.6

VULHUB: VHN-30084
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-6722
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2007-6722
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-30084
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30084 // JVNDB: JVNDB-2009-001440 // CNNVD: CNNVD-200903-529 // NVD: CVE-2007-6722

PROBLEMTYPE DATA

problemtype: CWE-16

Trust: 1.1

problemtype: CWE-DesignError

Trust: 0.8

sources: VULHUB: VHN-30084 // JVNDB: JVNDB-2009-001440 // NVD: CVE-2007-6722

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200903-529

TYPE

Configuration Error

Trust: 0.9

sources: BID: 26386 // CNNVD: CNNVD-200903-529

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001440

PATCH

title: Top Page, url: https://www.torproject.org/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001440

EXTERNAL IDS

db: NVD, id: CVE-2007-6722

Trust: 2.8

db: JVNDB, id: JVNDB-2009-001440

Trust: 0.8

db: CNNVD, id: CNNVD-200903-529

Trust: 0.7

db: MLIST, id: [OR-TALK] 20071031 INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18

Trust: 0.6

db: XF, id: 50066

Trust: 0.6

db: BID, id: 26386

Trust: 0.3

db: VULHUB, id: VHN-30084

Trust: 0.1

sources: VULHUB: VHN-30084 // BID: 26386 // JVNDB: JVNDB-2009-001440 // CNNVD: CNNVD-200903-529 // NVD: CVE-2007-6722

REFERENCES

url: http://archives.seul.org/or/talk/oct-2007/msg00291.html

Trust: 2.0

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/50066

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6722

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6722

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/50066

Trust: 0.6

url: http://www.privoxy.org/

Trust: 0.3

url: http://www.torproject.org/index.html.en

Trust: 0.3

url: http://www.anonymityanywhere.com/tork/index.php?option=com_frontpage&itemid=28

Trust: 0.3

url: http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836

Trust: 0.3

sources: VULHUB: VHN-30084 // BID: 26386 // JVNDB: JVNDB-2009-001440 // CNNVD: CNNVD-200903-529 // NVD: CVE-2007-6722

CREDITS

Vidalia Project

Trust: 0.6

sources: CNNVD: CNNVD-200903-529

SOURCES

db: VULHUB, id: VHN-30084
db: BID, id: 26386
db: JVNDB, id: JVNDB-2009-001440
db: CNNVD, id: CNNVD-200903-529
db: NVD, id: CVE-2007-6722

LAST UPDATE DATE

2025-04-10T23:03:13.302000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-30084, date: 2017-08-17T00:00:00
db: BID, id: 26386, date: 2016-07-05T22:00:00
db: JVNDB, id: JVNDB-2009-001440, date: 2009-06-30T00:00:00
db: CNNVD, id: CNNVD-200903-529, date: 2021-07-14T00:00:00
db: NVD, id: CVE-2007-6722, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-30084, date: 2009-03-31T00:00:00
db: BID, id: 26386, date: 2007-11-08T00:00:00
db: JVNDB, id: JVNDB-2009-001440, date: 2009-06-30T00:00:00
db: CNNVD, id: CNNVD-200903-529, date: 2009-03-31T00:00:00
db: NVD, id: CVE-2007-6722, date: 2009-03-31T17:30:00.280