QID 376419
Date Published: 2022-02-17
QID 376419: Snap-Confine Local Privilege Escalation Vulnerability (Oh Snap! More Lemmings)
We have discovered multiple vulnerabilities in Linux's snap-confine, a program used internally by snapd to construct the execution environment for snap applications. Snap is a software packaging and deployment system used on Linux distributions and macOS.
The related CVEs are:
CVE-2021-44730: Hardlink attack in snap-confine's sc_open_snapd_tool()
CVE-2021-44731: Race condition in snap-confine's setup_private_mount()
CVE-2021-3996: Unauthorized unmount in util-linux's libmount
CVE-2021-3995: Unauthorized unmount in util-linux's libmount
CVE-2021-3998: Unexpected return value from glibc's realpath()
CVE-2021-3999: Off-by-one buffer overflow/underflow in glibc's getcwd()
CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles
Affected Versions:
As of now, all versions of the snap package manager are vulnerable.
QID Detection Logic:
The authenticated QID checks for the Snap package by running the command "snap version" on Linux distributions and macOS.
Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.
Customers are advised to apply the latest patches.
Snap-Confine Local Privilege Escalation Vulnerability: www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt
CVEs related to QID 376419
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| snap-confine Linux Local Privilege Escalation Vulnerability | | | |