Linux : Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)

Topic

New Reply

https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt

Summary

Two minor bugs
An unexploitable bug
CVE-2021-44730: Hardlink attack in snap-confine’s sc_open_snapd_tool()
CVE-2021-44731: Race condition in snap-confine’s setup_private_mount()
– Case study: Ubuntu Server, near-default installation
– Case study: Ubuntu Desktop, default installation
CVE-2021-3996: Unauthorized unmount in util-linux’s libmount
CVE-2021-3995: Unauthorized unmount in util-linux’s libmount
CVE-2021-3998: Unexpected return value from glibc’s realpath()
CVE-2021-3999: Off-by-one buffer overflow/underflow in glibc’s getcwd()
CVE-2021-3997: Uncontrolled recursion in systemd’s systemd-tmpfiles…

Reply | Quote

Replies

For those who don’t know.
The bottom line: If you don’t use snap you don’t have to worry.

Snap is a software packaging and deployment system for Linux. The packages are called snaps

cheers, Paul

3 users thanked author for this post.

wavy, Charlie, Alex5723

Reply | Quote

also these were fixed and issued circa 18/19th February
https://www.debian.org/security/2022/dsa-5080
https://ubuntu.com/security/notices/USN-5292-1

Windows - commercial by definition and now function...

2 users thanked author for this post.

klang, Charlie

Reply | Quote

24th Feb
On the back of that snapd update comes yet another snapd fix for a regression caused by the previous patch for the following:
Ubuntu 21.10
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM
https://ubuntu.com/security/notices/USN-5292-4

Windows - commercial by definition and now function...

2 users thanked author for this post.

Alex5723, DrBonzo

Reply | Quote

? says:

linux is always on the lookout and always fixes problems pronto. my opinion based on years of experience. on the snap problem i always remove snap so i can do manual security updates. terminal recipe:

journalctl
snap list
sudo snap remove snap-store
sudo snap remove gtk-common-themes
sudo snap remove gnome-3-34-1804
sudo snap remove core18
df
sudo apt purge snapd -s
sudo apt purge snapd
rm -rf ~/snap
sudo rm -rf /snap
sudo rm -rf /var/snap
sudo rm -rf /var/lib/snapd

tada…

1 user thanked author for this post.

wavy

Reply | Quote

? says:

ubuntu 22.04 has a new method for removing the snap snafu:

df -h -a
sudo snap list

remove the loops individually when on live media
if one or more get stuck use: sudo umount -l /dev/loop(x)

sudo snap remove snap-store
sudo apt remove snapd
sudo umount /dev/loop*  (if on live media remove on at a time to avoid killing loop0)
sudo rm -rf /snap
sudo rm -rf /var/snap
sudo rm -rf /var/lib/snapd
sudo rm -rf /etc/systemd/system/snap*
sudo rm -rf /root/snap/ /home/*/snap
sudo apt purge snapd
echo -e ‘Package: snapd\nPin: origin *\nPin-Priority: -1’ | sudo tee /etc/apt/preferences.d/no_snapd

no more snap!

Reply | Quote