Описание
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| snapd | fixed | 2.37.1-1 | package | |
| snapd | not-affected | stretch | package |
Примечания
https://bugs.launchpad.net/snapd/+bug/1813365
Introduced in 2.28, fixed in 2.37.1
EPSS
Связанные уязвимости
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Уязвимость утилиты для управления самодостаточными пакетами snapd, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS