PT-2015-7573 · Tor · Tails

Tomtidaly

Published

2015-12-27

Updated

2024-06-15

CVE-2015-7665

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tails versions prior to 1.7

Description The issue allows remote FTP servers to discover the Tor client IP address by reading a PORT or EPRT command. This occurs because Tails does not prevent automatic fallback from passive FTP to active FTP when using the wget program.

Recommendations For versions prior to 1.7, consider updating to version 1.7 or later to resolve the issue. As a temporary workaround, restrict the use of the wget program for FTP connections to minimize the risk of IP address exposure.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-7665

OPENSUSE-SU-2024:10263-1

Affected Products

Tails

PT-2015-7573 · Tor · Tails

CVE-2015-7665

Weakness Enumeration

Related Identifiers

Affected Products

References · 15