VAR-200903-0004

Vulnerability from variot - Updated: 2025-04-10 23:03

TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server. Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values. These issues affect versions prior to TorK 0.22. TorK is a KDE desktop tool for managing anonymous network use. It lets users browse the web anonymously, send anonymous email through the MixMinion network, and use ssh, IRC clients and instant-messaging tools anonymously; it can also control and monitor anonymous traffic on the Tor network. The Privoxy configuration file installed by the affected TorK versions contains the insecure (1) enable-remote-toggle and (2) enable-edit-actions settings. These two Privoxy options control whether its web-based toggle feature and its web-based actions-file editor may be used, so on an affected install the check is that both are set to 0 in the Privoxy configuration file.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200903-0004",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tork",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "anonymityanywhere",
        "version": "0.22"
      },
      {
        "model": "tork",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "anonymityanywhere",
        "version": "0.22"
      },
      {
        "model": "mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "windows",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "tork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tork",
        "version": "0.21"
      },
      {
        "model": "vidalia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tor",
        "version": "0"
      },
      {
        "model": "tork",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tork",
        "version": "0.22"
      },
      {
        "model": "vidalia",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tor",
        "version": "0.1.2.18"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6723"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:anonymityanywhere:tork",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vidalia Project",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-6723",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-6723",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-30085",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-6723",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-6723",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200903-530",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30085",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30085"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6723"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server. \nAttackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values. \nThese issues affect versions prior to TorK 0.22. TorK is a powerful KDE desktop anonymous management tool. It is possible to browse the web anonymously through a browser and send anonymous emails from the MixMinion network. You can use ssh, IRC chat tools and IM instant messaging tools anonymously. And can control and monitor anonymous traffic on the Tor network through TorK. This configuration file contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "db": "BID",
        "id": "26386"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30085"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-6723",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26386",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "48694",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530",
        "trust": 0.7
      },
      {
        "db": "MLIST",
        "id": "[OR-TALK] 20071031 INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[OR-TALK] 20071031 RE: INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "42280",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-30085",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30085"
      },
      {
        "db": "BID",
        "id": "26386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6723"
      }
    ]
  },
  "id": "VAR-200903-0004",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30085"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:03:13.271000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.torproject.org/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.apple.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.microsoft.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-16",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30085"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6723"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://archives.seul.org/or/talk/oct-2007/msg00291.html"
      },
      {
        "trust": 1.9,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26386"
      },
      {
        "trust": 1.7,
        "url": "http://archives.seul.org/or/talk/oct-2007/msg00296.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/48694"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6723"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6723"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/42280"
      },
      {
        "trust": 0.3,
        "url": "http://www.privoxy.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.torproject.org/index.html.en"
      },
      {
        "trust": 0.3,
        "url": "http://www.anonymityanywhere.com/tork/index.php?option=com_frontpage\u0026itemid=28"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026amp;group_id=159836"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30085"
      },
      {
        "db": "BID",
        "id": "26386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6723"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-30085"
      },
      {
        "db": "BID",
        "id": "26386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6723"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30085"
      },
      {
        "date": "2007-11-08T00:00:00",
        "db": "BID",
        "id": "26386"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "date": "2009-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      },
      {
        "date": "2009-03-31T17:30:00.327000",
        "db": "NVD",
        "id": "CVE-2007-6723"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30085"
      },
      {
        "date": "2016-07-05T22:00:00",
        "db": "BID",
        "id": "26386"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      },
      {
        "date": "2009-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-6723"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability in TorK running on Windows and Mac OS X that allows settings to be changed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002717"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Configuration Error",
    "sources": [
      {
        "db": "BID",
        "id": "26386"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-530"
      }
    ],
    "trust": 0.9
  }
}

