PT-2024-27084 · Unknown · Dnscrypt-Proxy
Published
2024-06-13
·
Updated
2024-08-01
·
CVE-2024-36587
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DNSCrypt-proxy versions 2.0.0alpha9 through 2.1.5
Description
The issue is related to insecure permissions in DNSCrypt-proxy, allowing non-privileged attackers to escalate privileges to root. This can be achieved by overwriting the binary dnscrypt-proxy.
Recommendations
For DNSCrypt-proxy versions 2.0.0alpha9 through 2.1.5, update to a version that fixes the insecure permissions issue to prevent privilege escalation.
Exploit
Fix
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dnscrypt-Proxy