CVE-2015-7665

MEDIUM

Tails <1.7 - Info Disclosure

Title source: llm

Description

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.

References (8)

[Various Sources] https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html

[Various Sources] https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html

[Various Sources] https://mailman.boum.org/pipermail/tails-dev/2015-October/009591.html

[Vendor Advisory] https://tails.boum.org/news/version_1.7/index.en.html

[Patch] http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099

[Issue Tracking] https://labs.riseup.net/code/issues/10364

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/76678

[Mailing List] http://www.openwall.com/lists/oss-security/2015/10/01/10

Scores

CVSS v3 5.3

EPSS 0.0048

EPSS Percentile 64.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (1)

tails_project/tails < 1.6

Timeline

Published Dec 27, 2015

Tracked Since Feb 18, 2026