Описание
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
Одно из
EPSS
7.8 High
CVSS3
8.8 High
CVSS3
6.9 Medium
CVSS2
Дефекты
Связанные уязвимости
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
snapd 2.54.2 did not properly validate the location of the snap-confin ...
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Уязвимость утилиты для управления самодостаточными пакетами snapd, связанная с ошибками жестких ссылок, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3
8.8 High
CVSS3
6.9 Medium
CVSS2