2299952 – (CVE-2024-29069) CVE-2024-29069 snapd: snapd failed to properly check the destination of symbolic links when extracting a snap

Bug 2299952 (CVE-2024-29069) - CVE-2024-29069 snapd: snapd failed to properly check the destination of symbolic links when extracting a snap

Summary: CVE-2024-29069 snapd: snapd failed to properly check the destination of symbo...

Keywords:
Status:	NEW
Alias:	CVE-2024-29069
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-25 20:20 UTC by OSIDB Bzimport
Modified:	2024-07-26 10:24 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-07-25 20:20:28 UTC

In snapd versions prior to 2.62, snapd failed to properly check the
destination of symbolic links when extracting a snap. The snap format 
is a squashfs file-system image and so can contain symbolic links and
other file types. Various file entries within the snap squashfs image
(such as icons and desktop files etc) are directly read by snapd when
it is extracted. An attacker who could convince a user to install a
malicious snap which contained symbolic links at these paths could then 
cause snapd to write out the contents of the symbolic link destination
into a world-readable directory. This in-turn could allow an unprivileged
user to gain access to privileged information.

Note You need to log in before you can comment on or make changes to this bug.