ID

VAR-200903-0004


CVE

CVE-2007-6723


TITLE

TorK on Windows and Mac OS X: vulnerability that allows settings to be changed

Trust: 0.8

sources: JVNDB: JVNDB-2009-002717

DESCRIPTION

TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server. Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values. These issues affect versions prior to TorK 0.22.

TorK is a powerful KDE desktop anonymity management tool. It lets users browse the web anonymously through a browser, send anonymous email over the MixMinion network, and use ssh, IRC chat tools and instant messaging tools anonymously. TorK can also control and monitor anonymous traffic on the Tor network.

Trust: 1.98

sources: NVD: CVE-2007-6723 // JVNDB: JVNDB-2009-002717 // BID: 26386 // VULHUB: VHN-30085

AFFECTED PRODUCTS

vendor: anonymityanywhere, model: tork, scope: eq, version: 0.22

Trust: 1.6

vendor: anonymityanywhere, model: tork, scope: lt, version: 0.22

Trust: 0.8

vendor: apple, model: mac os x, scope: -, version: -

Trust: 0.8

vendor: microsoft, model: windows, scope: -, version: -

Trust: 0.8

vendor: tork, model: tork, scope: eq, version: 0.21

Trust: 0.3

vendor: tor, model: vidalia, scope: eq, version: 0

Trust: 0.3

vendor: tork, model: tork, scope: ne, version: 0.22

Trust: 0.3

vendor: tor, model: vidalia, scope: ne, version: 0.1.2.18

Trust: 0.3

sources: BID: 26386 // JVNDB: JVNDB-2009-002717 // CNNVD: CNNVD-200903-530 // NVD: CVE-2007-6723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-6723
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-6723
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200903-530
value: MEDIUM

Trust: 0.6

VULHUB: VHN-30085
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-6723
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30085
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30085 // JVNDB: JVNDB-2009-002717 // CNNVD: CNNVD-200903-530 // NVD: CVE-2007-6723

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.9

sources: VULHUB: VHN-30085 // JVNDB: JVNDB-2009-002717 // NVD: CVE-2007-6723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200903-530

TYPE

Configuration Error

Trust: 0.9

sources: BID: 26386 // CNNVD: CNNVD-200903-530

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002717

PATCH

title: Top Page, url: https://www.torproject.org/

Trust: 0.8

title: Top Page, url: http://www.apple.com/

Trust: 0.8

title: Top Page, url: http://www.microsoft.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-002717

EXTERNAL IDS

db: NVD, id: CVE-2007-6723

Trust: 2.8

db: BID, id: 26386

Trust: 2.0

db: OSVDB, id: 48694

Trust: 1.7

db: JVNDB, id: JVNDB-2009-002717

Trust: 0.8

db: CNNVD, id: CNNVD-200903-530

Trust: 0.7

db: MLIST, id: [OR-TALK] 20071031 INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18

Trust: 0.6

db: MLIST, id: [OR-TALK] 20071031 RE: INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18

Trust: 0.6

db: XF, id: 42280

Trust: 0.6

db: VULHUB, id: VHN-30085

Trust: 0.1

sources: VULHUB: VHN-30085 // BID: 26386 // JVNDB: JVNDB-2009-002717 // CNNVD: CNNVD-200903-530 // NVD: CVE-2007-6723

REFERENCES

url:http://archives.seul.org/or/talk/oct-2007/msg00291.html

Trust: 2.0

url:http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836

Trust: 1.9

url:http://www.securityfocus.com/bid/26386

Trust: 1.7

url:http://archives.seul.org/or/talk/oct-2007/msg00296.html

Trust: 1.7

url:http://www.osvdb.org/48694

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/42280

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6723

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6723

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/42280

Trust: 0.6

url:http://www.privoxy.org/

Trust: 0.3

url:http://www.torproject.org/index.html.en

Trust: 0.3

url:http://www.anonymityanywhere.com/tork/index.php?option=com_frontpage&itemid=28

Trust: 0.3

url:http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836

Trust: 0.1

sources: VULHUB: VHN-30085 // BID: 26386 // JVNDB: JVNDB-2009-002717 // CNNVD: CNNVD-200903-530 // NVD: CVE-2007-6723

CREDITS

Vidalia Project

Trust: 0.6

sources: CNNVD: CNNVD-200903-530

SOURCES

db: VULHUB, id: VHN-30085
db: BID, id: 26386
db: JVNDB, id: JVNDB-2009-002717
db: CNNVD, id: CNNVD-200903-530
db: NVD, id: CVE-2007-6723

LAST UPDATE DATE

2025-04-10T23:03:13.271000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-30085, date: 2017-08-17T00:00:00
db: BID, id: 26386, date: 2016-07-05T22:00:00
db: JVNDB, id: JVNDB-2009-002717, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200903-530, date: 2009-03-31T00:00:00
db: NVD, id: CVE-2007-6723, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-30085, date: 2009-03-31T00:00:00
db: BID, id: 26386, date: 2007-11-08T00:00:00
db: JVNDB, id: JVNDB-2009-002717, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200903-530, date: 2009-03-31T00:00:00
db: NVD, id: CVE-2007-6723, date: 2009-03-31T17:30:00.327