The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5292-1 advisory.

  - snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only     permissions. This could allow a local attacker to read information that should have been private. Fixed in     snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 (CVE-2021-3155)

  - snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting     in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and     layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04,     2.54.3+20.04 and 2.54.3+21.10.1 (CVE-2021-4120)

  - snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can     hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and     hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1     (CVE-2021-44730)

  - A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace     for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents     inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence     gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1     (CVE-2021-44731)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 18.04 LTS / 20.04 LTS : snapd vulnerabilities (USN-5292-1)

high Nessus Plugin ID 158135

Version 1.6