Privilege escalation vulnerability found in snap-confine

Vulnerability in snap-confine
Written by Emma Davis

Several vulnerabilities have been found in Snap, which is developed by Canonical. The most serious of them, the one in snap-confine, can be used to escalate privileges to root.

Qualys experts describe the problems and write that the most dangerous is the CVE-2021-44731 vulnerability (7.8 points on the CVSS scale), associated with the operation of the snap-confine utility. This utility is used within the snapd framework to create a runtime environment for snap applications.

"Successfully exploiting the vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. The bug could be used to gain full root privileges on default Ubuntu installations," the experts warn.

In their own security bulletin, the Red Hat developers describe this as a race condition in the snap-confine component that occurs when preparing a namespace for a snap.

"A race condition in snap-confine exists when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap’s private mount namespace and causing snap-confine to execute arbitrary code and hence privilege escalation," the Red Hat experts report.

Experts say that the vulnerability cannot be exploited remotely, but an attacker who logs in as an unprivileged user can exploit the bug to quickly gain superuser rights.

It is also reported that in addition to CVE-2021-44731, six other vulnerabilities were discovered:

  1. CVE-2021-3995 – Unauthorized unmount in util-linux's libmount;
  2. CVE-2021-3996 – Unauthorized unmount in util-linux's libmount;
  3. CVE-2021-3997 – Uncontrolled recursion in systemd's systemd-tmpfiles;
  4. CVE-2021-3998 – Unexpected return value from glibc's realpath();
  5. CVE-2021-3999 – Off-by-one buffer overflow and underflow in glibc's getcwd();
  6. CVE-2021-44730 – Hardlink attack in sc_open_snapd_tool().

The Ubuntu team was notified of the issues as early as October 27, 2021, and patches were submitted for the issues last week, February 17, 2022.

Let me remind you that we also reported that a vulnerability in Argo CD allows data to be stolen using Helm charts, and that a fresh Apache vulnerability may lead to remote code execution.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
