The snap-confine tool in the Linux world’s Snap software packaging system could potentially be exploited by ordinary users to gain root powers, says Qualys.
Snap was originated by Ubuntu maker Canonical, and can be used with Ubuntu and, if one so wishes, on other Linux distributions to install applications and services. According to infosec biz Qualys, which found and reported the security shortcomings, there are two ways Snap’s internal program snap-confine could be exploited to gain superuser privileges:
CVE-2021-44730: a vulnerability involving a hardlink that’s exploitable in a non-default configuration only – the kernel’s fs.protected_hardlinks must be zero.
CVE-2021-44731: a race condition exploitable in default installations of Ubuntu Desktop, and near-default installations of Ubuntu Server – the default server installation and one of the Featured Server Snaps offered during installation.
Snap packages are most closely associated with Ubuntu, as we’ve reported over time.
Both flaws are addressed in Ubuntu versions 21.10, 20.04, 18.04, 16.04 and 14.04 by patching snap-confine to version 2.54.3, with Ubuntu itself noting on its advisory page: “Generally, a typical system update shall make all of the necessary changes.”
Those patch releases, by the way, also address two separate holes: a data leak (CVE-2021-3155) found by James Troup; and an AppArmor bypass (CVE-2021-4120) found by Ian Johnson. In a statement, Canonical said: “As always, we have been thankful to the fantastic community we have been part of, for finding and responsibly disclosing such security issues.”
Qualys said it discovered the privilege-escalation vulnerabilities this past year during an audit, and public disclosure occurred this Thursday. The biz also found and reported five other related bugs.
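The two conditions the article gives, the fixed version 2.54.3 and the fs.protected_hardlinks setting, can be turned into a quick triage check. The script below is an added example, not code from Qualys, Canonical or The Register; the function names and sample inputs are constructed, and it assumes the "snapd" line of `snap version` reflects the snap-confine in use.

```shell
#!/bin/sh
# Added example (not from the article): triage snap-confine exposure.
FIXED_VERSION="2.54.3"   # fixed snap-confine version named in the article

# version_at_least HAVE WANT: true when HAVE >= WANT on the first three
# numeric fields; distro suffixes such as "+20.04.1ubuntu0.2" are ignored.
version_at_least() {
    have="$(printf '%s' "$1" | sed 's/[^0-9.].*//').0.0"
    want="$2.0.0"
    for i in 1 2 3; do
        h=$(printf '%s' "$have" | cut -d. -f"$i")
        w=$(printf '%s' "$want" | cut -d. -f"$i")
        if [ "${h:-0}" -gt "${w:-0}" ]; then return 0; fi
        if [ "${h:-0}" -lt "${w:-0}" ]; then return 1; fi
    done
    return 0
}

# assess VERSION PROTECTED_HARDLINKS: report which flaws remain relevant.
# CVE-2021-44730 additionally needs fs.protected_hardlinks = 0.
assess() {
    if version_at_least "$1" "$FIXED_VERSION"; then
        echo "patched"
    elif [ "$2" = "0" ]; then
        echo "unpatched: CVE-2021-44731 CVE-2021-44730"
    else
        echo "unpatched: CVE-2021-44731"
    fi
}

# check_host: same assessment from live values (assumption: the "snapd"
# line of `snap version` reflects the snap-confine actually installed).
check_host() {
    command -v snap >/dev/null 2>&1 || { echo "snap not installed"; return 0; }
    ver=$(snap version | awk '$1 == "snapd" { print $2 }')
    links=$(cat /proc/sys/fs/protected_hardlinks 2>/dev/null || echo unknown)
    assess "$ver" "$links"
}

# Constructed sample inputs: "version protected_hardlinks".
for sample in "2.54.2+21.10 1" "2.48.3 0" "2.54.3+20.04.1ubuntu0.2 0"; do
    set -- $sample
    printf '%-28s hardlinks=%s -> %s\n' "$1" "$2" "$(assess "$1" "$2")"
done
```

Call `check_host` on a machine with snapd installed to run the same assessment against live values.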
“We almost abandoned our audit after a few days, because snap-confine is programmed very defensively,” Qualys noted in its full technical writeup, citing both the defensive programming style and Ubuntu’s AppArmor access control system, which came close to shutting them out altogether. Locating the exploit certainly was straightforward, and the technical writeup bears a detailed read, perhaps over a cup of tea.
Qualys said it was able to develop exploit code to achieve privilege escalation.
Snap is one of several competitors in the app packaging world, as The Register reported last year, and the idea is simply to make it easier for developers to put their application into a package that can be released and installed on multiple distributions. ®