Multiple Vulnerabilities Found in Snap-Confine Function on Linux Systems
upstart writes:
Multiple vulnerabilities found in Snap-confine function on Linux systems:
Qualys' security researchers have discovered several vulnerabilities affecting Canonical's Snap software packaging and deployment system.
In a blog post, Qualys director of vulnerability and threat research, Bharat Jogi, explained that they found multiple vulnerabilities in the snap-confine function on Linux operating systems, "the most important of which can be exploited to escalate privilege to gain root privileges." Jogi added that Snap was developed by Canonical for operating systems that use the Linux kernel.
"The packages called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to construct the execution environment for snap applications," Jogi said, noting that the main issue was CVE-2021-44731.
"Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu."