CVE-2021-44731

Sažetak

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Reference

https://ubuntu.com/security/notices/USN-5292-1
http://www.openwall.com/lists/oss-security/2022/02/18/2
https://www.debian.org/security/2022/dsa-5080
http://www.openwall.com/lists/oss-security/2022/02/23/2
http://www.openwall.com/lists/oss-security/2022/02/23/1
http://www.openwall.com/lists/oss-security/2022/11/30/2
http://seclists.org/fulldisclosure/2022/Dec/4
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 03:39

Objavljeno

17-02-2022 - 23:15