CVE-2016-1580
First published: Fri May 13 2016(Updated: )
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =16.04 | |
| canonical ubuntu-core-launcher | =1.0.27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1580?
CVE-2016-1580 has a high severity rating due to its potential to allow remote attackers to gain access to sensitive information or escalate privileges.
How do I fix CVE-2016-1580?
To fix CVE-2016-1580, update the ubuntu-core-launcher package to version 1.0.27.1 or later.
Which versions of Ubuntu are affected by CVE-2016-1580?
CVE-2016-1580 specifically affects the ubuntu-core-launcher package version 1.0.27 and earlier on Ubuntu 16.04 LTS.
What types of attacks can CVE-2016-1580 facilitate?
CVE-2016-1580 can facilitate attacks that allow remote attackers to access sensitive information or elevate privileges through malicious snaps.
Is there a workaround for CVE-2016-1580?
There is no official workaround for CVE-2016-1580; upgrading to the patched version is the recommended solution.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- canonical/canonical ubuntu-core-launcher
- version/canonical ubuntu-core-launcher/1.0.27