{"containers":{"cna":{"affected":[{"product":"snapd","vendor":"Canonical Ltd.","versions":[{"lessThanOrEqual":"2.54.2","status":"affected","version":"unspecified","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Qualys Research Team"}],"descriptions":[{"lang":"en","value":"snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-59","description":"CWE-59 Improper Link Resolution Before File Access ('Link Following')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-02-23T12:06:05.000Z","orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical"},"references":[{"tags":["x_refsource_MISC"],"url":"https://ubuntu.com/security/notices/USN-5292-1"},{"name":"[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2022/02/18/2"},{"name":"FEDORA-2022-82bea71e5a","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"},{"name":"FEDORA-2022-5df8b52ba4","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"},{"name":"DSA-5080","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2022/dsa-5080"},{"name":"[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2022/02/23/1"}],"source":{"discovery":"EXTERNAL"},"title":"snapd could be made to escalate privileges and run programs as administrator","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@ubuntu.com","ID":"CVE-2021-44730","STATE":"PUBLIC","TITLE":"snapd could be made to escalate privileges and run programs as administrator"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"snapd","version":{"version_data":[{"version_affected":"<=","version_value":"2.54.2"}]}}]},"vendor_name":"Canonical Ltd."}]}},"credit":[{"lang":"eng","value":"Qualys Research Team"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]},"references":{"reference_data":[{"name":"https://ubuntu.com/security/notices/USN-5292-1","refsource":"MISC","url":"https://ubuntu.com/security/notices/USN-5292-1"},{"name":"[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2022/02/18/2"},{"name":"FEDORA-2022-82bea71e5a","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"},{"name":"FEDORA-2022-5df8b52ba4","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"},{"name":"DSA-5080","refsource":"DEBIAN","url":"https://www.debian.org/security/2022/dsa-5080"},{"name":"[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2022/02/23/1"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T04:32:12.268Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ubuntu.com/security/notices/USN-5292-1"},{"name":"[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/02/18/2"},{"name":"FEDORA-2022-82bea71e5a","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"},{"name":"FEDORA-2022-5df8b52ba4","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"},{"name":"DSA-5080","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2022/dsa-5080"},{"name":"[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/02/23/1"}]}]},"cveMetadata":{"assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","cveId":"CVE-2021-44730","datePublished":"2022-02-17T22:15:18.000Z","dateReserved":"2021-12-08T00:00:00.000Z","dateUpdated":"2024-08-04T04:32:12.268Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}