Friday, March 24, 2023
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Podcasts
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Software
    • Network/Internet
    • Hardware
    • Artificial Intelligence
    • Windows
    • Policy/Legislation
    • Blockchain
    • Troubleshooting
    • How-Tos
    • Articles
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Software
    • Network/Internet
    • Hardware
    • Artificial Intelligence
    • Windows
    • Policy/Legislation
    • Blockchain
    • Troubleshooting
    • How-Tos
    • Articles
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Linux snap-confine function is vulnerable

Linux snap-confine function is vulnerable

Qualys Research Team has published a whitepaper about a flaw in the snap-confine function in Linux, allowing escalation of privilege.


Rusen Gobel Rusen Gobel
February 18, 2022
2 min read
Linux snap-confine function is vulnerable

The researchers of Qualys have found several vulnerabilities in the snap-confine function of the Linux operating system. According to the whitepaper Qualys published, one of them allows attackers to escalate privilege to gain root access. This issue can be tracked by CVE-2021-44731 and has a CVSS score of 7.8. The flaw can only be exploited locally.

7 vulnerabilities in total

There are 6 more vulnerabilities related to Linux Snap features. CVE-2021-44730, which also allows local escalation of privilege has the same CVSS score as CVE-2021-44731; 7.8. The other flaws related to the Snap features are listed below:

  • CVE-2021-3996: Unauthorized unmount in util-linux’s libmount
  • CVE-2021-3995: Unauthorized unmount in util-linux’s libmount
  • CVE-2021-3998: Unexpected return value from glibc’s realpath()
  • CVE-2021-3999: Off-by-one buffer overflow/underflow in glibc’s getcwd()
  • CVE-2021-3997: Uncontrolled recursion in systemd’s systemd-tmpfiles
Bharat Jogi, director of vulnerability and threat research at Qualys
Bharat Jogi, director of vulnerability and threat research at Qualys

Snap is a widely used system that is used for packaging and distributing applications on Linux operating system. Bharat Jogi, director of vulnerability and threat research at Qualys has explained Snap:

« Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to construct the execution environment for snap applications. »

Currently, the vulnerabilities have no mitigations. Hopefully, they are only exploitable locally, which lowers the risks by far.


Related: What are the differences between Snap, Flatpak, and AppImage?

 

See more Cybersecurity News

A comprehensive guide to understanding Cybersecurity: What is Cybersecurity?


Tags: QualysSnap
Rusen Gobel

Rusen Gobel

Rusen Gobel is the managing editor of Cloud7. With more than 10 years of experience, Rusen worked as a hardware and software news editor for technology sites such as ShiftDelete, Teknokulis, Hardware Plus, BT Haber. In addition, Rusen publishes consumer product reviews on his YouTube channel. While consumer electronics has been his main focus for years, now Rusen is more interested in WordPress and software development. He had contributed different web application projects in his professional career. Rusen had graduated from Istanbul University, department of Computer Engineering. Rusen has a very high passion for learning and writing for every kind of technology. That's why he has been working as a tech editor for more than ten years on several different technology magazines and online news portals.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Next Post
Breach Prevention, Detection and Response Summit

Breach Prevention, Detection and Response Summit

Related News

CISA aims to identify vulnerabilities that attract ransomware

CISA aims to identify vulnerabilities that attract ransomware

March 22, 2023 2:10 pm
7 best cybersecurity schools

7 best cybersecurity schools

March 21, 2023 9:00 pm
Akamai researchers warn about the new HinataBot botnet

Akamai researchers warn about the new HinataBot botnet

March 20, 2023 6:10 pm
7 biggest data breaches in the history of the internet

7 biggest data breaches in the history of the internet

March 16, 2023 10:55 pm
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter
Select list(s):

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy

Get the free newsletter

Subscribe to receive the latest IT business updates straight to your inbox.

Select list(s):

Check your inbox or spam folder to confirm your subscription.

Recent News

  • Photopea review: The best free Photoshop alternative for Linux
  • CloudFest 2023 is completed
  • EdgeConneX executes $3.3B in sustainability-linked financing
  • How to manage DNS settings in Linux
  • What is Cloudflare Warp?

Cloud7 News
Cloud7 is a news source that publishes the latest news, reviews, comparisons, opinions, and exclusive interviews to help tech users of high-experience levels in the IT industry.

EXPLORE

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • Artificial Intelligence
  • How-Tos
  • Troubleshooting

RESOURCES

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Podcasts
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2023, Cloud7 News. All rights reserved.

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Software
    • Network/Internet
    • Hardware
    • Artificial Intelligence
    • Windows
    • Policy/Legislation
    • Blockchain
    • Troubleshooting
    • How-Tos
    • Articles
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Podcasts
  • Web Hosting Directory

© 2023, Cloud7 News. All rights reserved.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.