CVE-2021-44730
snapd could be made to escalate privileges and run programs as administrator
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Canonical Ltd. · snapdQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/https://ubuntu.com/security/notices/USN-5292-1https://www.debian.org/security/2022/dsa-5080http://www.openwall.com/lists/oss-security/2022/02/18/2http://www.openwall.com/lists/oss-security/2022/02/23/1