CVE-2021-44731

Опубликовано: 17 фев. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 6.9

EPSS Низкий

Описание

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Ссылки

http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/4
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/18/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/23/1
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/23/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/30/2
Exploit
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/
https://ubuntu.com/security/notices/USN-5292-1
Patch
Vendor Advisory
https://www.debian.org/security/2022/dsa-5080
Issue Tracking
Third Party Advisory
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/4
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/18/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/23/1
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/23/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/30/2
Exploit
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/
https://ubuntu.com/security/notices/USN-5292-1
Patch
Vendor Advisory
https://www.debian.org/security/2022/dsa-5080
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*

Версия до 2.54.2 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02297

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2021-44731

CVSS3: 7.8

ubuntu

больше 3 лет назад

CVE-2021-44731

CVSS3: 7.8

debian

больше 3 лет назад

A race condition existed in the snapd 2.54.2 snap-confine binary when ...

GHSA-m3j9-xfh2-hrgc

CVSS3: 7.8

github

больше 3 лет назад

BDU:2022-01445

CVSS3: 8.8

fstec

больше 3 лет назад

Уязвимость утилиты для управления самодостаточными пакетами snapd, связанная с ошибками выполнения многопоточных задач, позволяющая нарушителю выполнить произвольный код с привилегиями root

ROS-20220304-01

redos

больше 3 лет назад

Множественные уязвимости snapd

EPSS

Процентиль: 84%

0.02297

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-362