VIR Vulnerability Intelligence Relay

CVE-2024-36587

unknown
Published — · Modified —
💬 Discuss on Community ✚ Propose mitigation
CVSS v3
—
CVSS v4 NEW
—
not yet in upstream
VIR risk
—

Description

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.

Predictions

Exploit likelihood
20%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2024-36587 NameCVE-2024-36587 DescriptionInsecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed…

CVE-2024-36587

NameCVE-2024-36587
DescriptionInsecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dnscrypt-proxy (PTS)bullseye2.0.45+ds1-1fixed
trixie2.1.8+ds1-1fixed
forky2.1.15+ds1-1fixed
sid2.1.16+ds1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dnscrypt-proxysource(unstable)(not affected)

Notes

- dnscrypt-proxy <not-affected> (Not an issue as packaged in Debian)

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
- dnscrypt-proxy <not-affected> (Not an issue as packaged in Debian)

OS impact
OSVersionStatusFixed in
debian debianbullseyefixed0
debian debianforkyfixed0
debian debiansidfixed0
debian debiantrixiefixed0

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.