date 2019-02-22
Multiple vulnerabilities found in Snap-confine function on Linux systems:
Qualys' security researchers have discovered several vulnerabilities affecting Canonical's Snap software packaging and deployment system.
In a blog post, Qualys director of vulnerability and threat research, Bharat Jogi, explained that they found multiple vulnerabilities in the snap-confine function on Linux operating systems, "the most important of which can be exploited to escalate privilege to gain root privileges." Jogi added that Snap was developed by Canonical for operating systems that use the Linux kernel.
"The packages called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to construct the execution environment for snap applications," Jogi said, noting that the main issue was CVE-2021-44731.
"Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu."
[...] They noted that thanks to automatic refreshes, most snap-distributed platform installations in the world have already been fixed via updates.
In addition to CVE-2021-44731, Qualys discovered six other vulnerabilities. They provided a detailed breakdown of each issue and urged all users to patch as soon as possible.
"Unfortunately, such a modern confinement platform involves many subsystems, and sometimes we make mistakes. Thankfully, Canonical and Ubuntu are part of a large community that includes competent security researchers. Recently, Qualys informed us that one of the tools that is a part of the snap platform contains a security issue. In their words: Discovering and exploiting a vulnerability in snap-confine has been extremely challenging (especially in a default installation of Ubuntu), because snap-confine uses a very defensive programming style, AppArmor profiles, seccomp filters, mount namespaces, and two Go helper programs," a Canonical spokesperson said.
[...] There are no mitigations for CVE-2021-44731, and Jogi noted that while the vulnerability is not remotely exploitable, an attacker can log in as any unprivileged user. The vulnerability can be quickly exploited to gain root privileges.
As more packaging systems become prevalent it seems that this and similar vulnerabilities can leave a lot of systems vulnerable to exploitation. Are we replacing security with convenience again?
(Score: 1, Funny) by Anonymous Coward on Sunday February 20, @03:18PM
Oh snap!
(Score: 2) by Runaway1956 on Sunday February 20, @03:35PM
Sorry, but that is a flaw, in and of itself. Every packaging system is going to have its unique potential vulnerabilities. The more systems you introduce to the system, the more vulnerabilities. Best to rely on your distribution's package manager. Snap, flatpak, pip, and whatever else you're using each introduces new headaches.
Only you can decide who you are going to trust. Personally, I prefer to only trust one package manager - in my case, apt on a Debian derivative.
