PT-2024-35469 · Gnu Guix · Gnu Guix
Caleb Ristvedt · Published 2024-11-08 · Updated 2024-11-20
CVE-2024-52867
CVSS v3.1: 8.1 (High)
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GNU Guix versions before 5ab3c4c
Description
A privilege escalation issue exists because build outputs are accessible by local users before file metadata concerns, such as for setuid and setgid programs, are properly addressed. This issue can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the issue.
Recommendations
For GNU Guix versions before 5ab3c4c, perform the following actions to resolve the issue:
Pull the necessary updates.
Reconfigure the system.
Restart the guix-daemon service.
Ensure that both 5ab3c4c and 5582241 are applied to fully resolve the issue.
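A defender-side check to run after remediation, added here as an example and not taken from the advisory or from the Guix project: it walks a store directory and reports entries that still carry setuid or setgid bits, the file metadata this issue concerns. The /gnu/store default, the function names, and the expectation that finished store items carry neither bit are assumptions.

```python
import os
import stat
import sys

# Assumption: default Guix store location; pass another root as argv[1].
DEFAULT_STORE = "/gnu/store"
SPECIAL_BITS = {stat.S_ISUID: "setuid", stat.S_ISGID: "setgid"}


def special_bits(mode):
    """Return the names of setuid/setgid bits present in a raw st_mode."""
    return [name for bit, name in SPECIAL_BITS.items() if mode & bit]


def audit_store(root=DEFAULT_STORE):
    """Walk root without following symlinks; yield (path, [bits]) findings."""
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError as err:
            # Unreadable directories are reported, not silently skipped.
            print(f"cannot read {current}: {err}", file=sys.stderr)
            continue
        for entry in entries:
            try:
                mode = entry.stat(follow_symlinks=False).st_mode
            except OSError:
                continue  # entry vanished mid-scan (e.g. garbage collection)
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode grants no privilege
            bits = special_bits(mode)
            if bits:
                yield entry.path, bits
            if stat.S_ISDIR(mode):
                stack.append(entry.path)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_STORE
    findings = list(audit_store(root))
    for path, bits in findings:
        print(f"{'+'.join(bits)}: {path}")
    sys.exit(1 if findings else 0)
```

The script exits non-zero when it finds anything, so it can be used as a periodic check.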
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Gnu Guix