Attackers can abuse vulnerabilities in the Snap software distribution system to gain root privileges on a system, for example in a standard Ubuntu desktop configuration. With Snap, users can install custom software packages that are more up to date than the versions in the distribution’s own package sources. To do this, Snap provides an environment with runtime libraries and class layers so that these software packages do not damage the system.
Multiple weaknesses
Attackers can use crafted content interface and layout declarations in Snap packages to introduce arbitrary AppArmor rules and thus break out of Snap’s confinement restrictions (CVE-2021-4120, CVSS 8.2, risk high). They can also gain root privileges by creating a hard link from the executable file snap-confine to any binary file, because the Snap service does not correctly check where that file was started from (CVE-2021-44730, CVSS 7.8, high). The same effect was possible through a race condition in snap-confine if attackers mounted their own content into it while a private mount namespace was being prepared (CVE-2021-44731, CVSS 7.8, high).
Another low-severity vulnerability was that older versions of Snap did not set permissions on the ~/snap directory restrictively enough, so that unauthorized people could read the information (CVE-2021-3155, CVSS 3.8, low). In a security advisory, Qualys, an IT security company, describes in detail how the researchers tracked down the escalation vulnerabilities and developed a proof-of-concept exploit for them.
Affected versions
The flaws are found in Snap versions before the current version 2.54.3. An Ubuntu security notice lists updated packages for the different distribution versions. Since Snap is also offered by many other distributions, Linux users should use their package manager to quickly check for, download, and install software updates.
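A quick local check for the two conditions named above, the 2.54.3 version threshold and the ~/snap permissions, might look like the following. This is an added example, not code from the article, Qualys or the snapd project; the function names are hypothetical and the packaged version strings in the comments are constructed samples. The version comparison is a heuristic, so the distribution's security notice remains authoritative where fixes are backported.

```shell
#!/usr/bin/env bash
# Added example: hypothetical audit helper, not part of snapd.

FIXED_VERSION="2.54.3"   # first fixed version named in the article

# Reduce a packaged version to its upstream part, e.g.
# "2.54.3+20.04.1ubuntu0.2" (constructed sample) -> "2.54.3".
upstream_version() {
    printf '%s\n' "$1" | sed -E 's/^[0-9]+://; s/[+~-].*$//'
}

# Return 0 if version $1 is at or above FIXED_VERSION, 1 otherwise.
# An empty or unparsable version counts as not fixed.
version_is_fixed() {
    local v lowest
    v=$(upstream_version "$1")
    lowest=$(printf '%s\n%s\n' "$FIXED_VERSION" "$v" | sort -V | head -n1)
    [ -n "$v" ] && [ "$lowest" = "$FIXED_VERSION" ]
}

# Return 0 if directory $1 grants any permission to group or others,
# 1 if it is owner-only, 2 if it is not a directory.
dir_is_too_open() {
    local perms
    [ -d "$1" ] || return 2
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" != "------" ]
}

audit_snap() {
    local installed
    if command -v snap >/dev/null 2>&1; then
        # "snap version" prints a line of the form "snapd <version>"
        installed=$(snap version | awk '$1 == "snapd" { print $2 }')
        if version_is_fixed "$installed"; then
            echo "snapd $installed: at or above $FIXED_VERSION"
        else
            echo "snapd $installed: older than $FIXED_VERSION, update via the package manager"
        fi
    fi
    if dir_is_too_open "$HOME/snap"; then
        echo "$HOME/snap is accessible to group or others; restrict it with chmod 700"
    fi
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_snap; fi
```

Run the script with `--audit` to check the local machine.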
(DMK)