CVE-2024-29069

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29069
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/snapcore/snapd/pull/13682 Issue Tracking Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*
History

26 Aug 2024, 16:55

Type Values Removed Values Added
CWE CWE-59
CVSS v2 : unknown
v3 : 4.8 		v2 : unknown
v3 : 7.3
CPE cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*
References () https://github.com/snapcore/snapd/pull/13682 - () https://github.com/snapcore/snapd/pull/13682 - Issue Tracking, Patch
First Time Canonical
Canonical snapd

26 Jul 2024, 12:38

Type Values Removed Values Added
Summary
  • (es) En versiones de snapd anteriores a la 2.62, snapd no podía verificar correctamente el destino de los enlaces simbólicos al extraer un snap. El formato snap es una imagen del sistema de archivos squashfs y, por lo tanto, puede contener enlaces simbólicos y otros tipos de archivos. snapd lee directamente varias entradas de archivos dentro de la imagen de snap squashfs (como íconos y archivos de escritorio, etc.) cuando se extrae. Un atacante que pudiera convencer a un usuario de que instalara un complemento malicioso que contuviera enlaces simbólicos en estas rutas podría hacer que snapd escribiera el contenido del destino del enlace simbólico en un directorio legible por todo el mundo. Esto, a su vez, podría permitir que un usuario sin privilegios obtenga acceso a información privilegiada.

25 Jul 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-25 20:15

Updated : 2024-08-26 16:55

NVD link : CVE-2024-29069

Mitre link : CVE-2024-29069

CVE.ORG link : CVE-2024-29069

JSON object : View

Products Affected

canonical

  • snapd
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-610

Externally Controlled Reference to a Resource in Another Sphere


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024