CVE-2017-11565
Published: 23 July 2017
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).
From the Ubuntu Security Team
It was discovered that Tor incorrectly implemented AppArmor restrictions. An attacker could possibly bypass those restrictions and cause an unspecified impact.
Priority
Status
Package | Release | Status |
---|---|---|
tor Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
cosmic |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
disco |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
eoan |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
focal |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
groovy |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
hirsute |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
impish |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
jammy |
Not vulnerable
(0.3.1.5-alpha-2)
|
|
trusty |
Released
(0.2.4.27-1ubuntu0.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Needed
|
|
xenial |
Not vulnerable
(0.2.9.14-1ubuntu1~16.04.1)
|
|
zesty |
Ignored
(end of life)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |