

Privilege escalation in Snap package manager detected

Several vulnerabilities were found in the Snap package manager at once, the most dangerous of which can be used to escalate privileges to the root user.

Snaps are stand-alone application packages that are designed for operating systems with a Linux kernel and are installed using snapd.

The reported issue, tracked as CVE-2021-44731, concerns privilege escalation through snap-confine, the component that snapd uses internally to build the runtime environment for Snap applications. The severity of the vulnerability is rated at 7.8 CVSS points.

In his report, Bharat Jogi, Head of Vulnerability and Threat Research at Qualys, writes the following:

“Successfully exploiting this vulnerability allows any unprivileged user to gain root rights on the host. Our staff were able to independently confirm this issue, create an exploit, and gain full root privileges on basic Ubuntu installations.”

The Ubuntu website describes the vulnerability as a "race condition" in the snap-confine component:

“There is a race condition in snap-confine when preparing a private mount namespace for a snap. This allows a local attacker to gain root privileges by bind-mounting their own content into this namespace, which results in arbitrary privilege escalation code being snap-confined.”

In addition, the researchers found six other threats:

CVE-2021-3995 – A logic error in one of the libmount library functions that allows an unprivileged user to unmount a FUSE file system.

CVE-2021-3996 – Unauthorized unmount in libmount (see above).

CVE-2021-3997 – Uncontrolled recursion in systemd-tmpfiles that can lead to a denial of service at boot when too many subdirectories have been created in /tmp.

CVE-2021-3998 – glibc's realpath() function may erroneously return an unexpected value, potentially leaking information and exposing sensitive data.

CVE-2021-3999 – Buffer overflow/underflow in glibc's getcwd() can cause memory corruption when the buffer size passed to it is exactly 1.

CVE-2021-44730 – snapd 2.54.2 incorrectly determined the location of the snap-confine executable. A local attacker could have hard-linked this file to another location in order to make snap-confine execute other files, resulting in privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.

CVE-2021-44731 was reported to the Ubuntu Security team on October 27, 2021, and the team released the patches on February 17.

Qualys also noted that although the vulnerability cannot be exploited remotely, an attacker who logs in as an unprivileged user can “quickly” use the bug to obtain root rights. It is therefore advisable to install the released patches as early as possible.
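The practical follow-up to the advice above is to confirm that the installed snapd is at or beyond the fixed release. The script below is an added example written for this article, not code from Qualys, Ubuntu or the snapd project. It assumes that the fixed version is 2.54.3 (the base of the 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 versions named in the article) and that `snap version` prints a line starting with `snapd` followed by the version, as current snapd releases do; the version strings used in the embedded self-check are constructed.

```shell
#!/bin/sh
# Added example (not from the article, Qualys, Ubuntu or snapd): compares an
# installed snapd version string against the 2.54.3 release the article names
# as fixing CVE-2021-44730 and CVE-2021-44731.
# Ubuntu package versions look like "2.54.3+20.04"; everything after "+" is
# the distribution suffix and is ignored for the comparison.

FIXED_VERSION="2.54.3"   # assumption: base version of the fixes named in the article

# vercmp A B: prints -1, 0 or 1 for A<B, A==B, A>B.
# Compares dotted numeric fields one by one; missing fields count as 0.
vercmp() {
    # strip the "+distro" suffix and append a "." so cut -s sees a delimiter
    a="$(printf '%s' "$1" | cut -d+ -f1)."
    b="$(printf '%s' "$2" | cut -d+ -f1)."
    i=1
    while :; do
        fa=$(printf '%s' "$a" | cut -s -d. -f"$i")
        fb=$(printf '%s' "$b" | cut -s -d. -f"$i")
        # both strings exhausted: versions are equal
        [ -z "$fa" ] && [ -z "$fb" ] && { echo 0; return; }
        # keep digits only, then default an absent field to 0
        fa=$(printf '%s' "$fa" | tr -dc '0-9'); fa=${fa:-0}
        fb=$(printf '%s' "$fb" | tr -dc '0-9'); fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
        if [ "$fa" -gt "$fb" ]; then echo 1; return; fi
        i=$((i + 1))
    done
}

# snapd_is_patched VERSION: exit status 0 if VERSION >= FIXED_VERSION, else 1.
snapd_is_patched() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -ge 0 ]
}

# check_installed_snapd: reads the live version from `snap version` (assumed
# output format: a line "snapd <version>") and prints a verdict.
# Exit status: 0 patched or not installed, 1 vulnerable, 2 undetermined.
check_installed_snapd() {
    if ! command -v snap >/dev/null 2>&1; then
        echo "snapd not installed on this host"
        return 0
    fi
    v=$(snap version 2>/dev/null | awk '$1 == "snapd" { print $2 }')
    if [ -z "$v" ]; then
        echo "could not determine snapd version"
        return 2
    fi
    if snapd_is_patched "$v"; then
        echo "snapd $v is at or above $FIXED_VERSION: patched"
        return 0
    fi
    echo "snapd $v is below $FIXED_VERSION: update snapd"
    return 1
}

check_installed_snapd
```

Run it as an unprivileged user on each host; a non-zero exit status marks machines that still need the snapd update, which is convenient when the script is driven from configuration management or a fleet inventory job.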

This publication is based on the news report "New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager".
