Multiple vulnerabilities in Snapd



Published: 2024-08-01
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2024-1724
CVE-2024-29068
CVE-2024-29069
CWE-ID CWE-254
CWE-20
CWE-61
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Snapd
Universal components / Libraries / Software for developers

Vendor snapcore

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU95152

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1724

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists die to snapd failes to restrict writes to the $HOME/bin path when using AppArmor for enforcement of sandbox permissions. A remote attacker can trick the victim to install a malicious snap and install arbitrary scripts into the users PATH which.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Snapd: 2.0 - 2.61.3

External links

http://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6
http://gld.mcphail.uk/posts/explaining-cve-2024-1724/
http://github.com/snapcore/snapd/pull/13689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU95151

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29068

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of file types when extracting a snap. A remote attacker can trick the victim into installing a malicious snap and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Snapd: 2.0 - 2.61.3

External links

http://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063
http://github.com/snapcore/snapd/pull/13682


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) UNIX symbolic link following

EUVDB-ID: #VU95150

Risk: Low

CVSSv3.1: 2.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29069

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a symlink following issue when extracting a snap. An attacker who could convince a user to install a malicious snap can force the application to write data into a world-readable directory and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Snapd: 2.0 - 2.61.3

External links

http://github.com/snapcore/snapd/pull/13682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###