CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.
References
Link Resource
https://github.com/snapcore/snapd/pull/13682 Issue Tracking Patch
https://github.com/snapcore/snapd/pull/13682 Issue Tracking Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.3
v2 : unknown
v3 : 4.8
References () https://github.com/snapcore/snapd/pull/13682 - Issue Tracking, Patch () https://github.com/snapcore/snapd/pull/13682 - Issue Tracking, Patch

26 Aug 2024, 16:55

Type Values Removed Values Added
First Time Canonical
Canonical snapd
CWE CWE-59
References () https://github.com/snapcore/snapd/pull/13682 - () https://github.com/snapcore/snapd/pull/13682 - Issue Tracking, Patch
CVSS v2 : unknown
v3 : 4.8
v2 : unknown
v3 : 7.3
CPE cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*

26 Jul 2024, 12:38

Type Values Removed Values Added
Summary
  • (es) En versiones de snapd anteriores a la 2.62, snapd no podía verificar correctamente el destino de los enlaces simbólicos al extraer un snap. El formato snap es una imagen del sistema de archivos squashfs y, por lo tanto, puede contener enlaces simbólicos y otros tipos de archivos. snapd lee directamente varias entradas de archivos dentro de la imagen de snap squashfs (como íconos y archivos de escritorio, etc.) cuando se extrae. Un atacante que pudiera convencer a un usuario de que instalara un complemento malicioso que contuviera enlaces simbólicos en estas rutas podría hacer que snapd escribiera el contenido del destino del enlace simbólico en un directorio legible por todo el mundo. Esto, a su vez, podría permitir que un usuario sin privilegios obtenga acceso a información privilegiada.

25 Jul 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-25 20:15

Updated : 2024-11-21 09:07


NVD link : CVE-2024-29069

Mitre link : CVE-2024-29069

CVE.ORG link : CVE-2024-29069


JSON object : View

Products Affected

canonical

  • snapd
CWE
CWE-610

Externally Controlled Reference to a Resource in Another Sphere

CWE-59

Improper Link Resolution Before File Access ('Link Following')