CVE-2024-1724: snapd allows $HOME/bin symlink
First published: Mon Jul 01 2024(Updated: )
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.
Credit: security@ubuntu.com security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/github.com/snapcore/snapd | <2.62 | 2.62 |
| debian/snapd | <=2.49-1+deb11u2<=2.57.6-1 | 2.66.1-2 2.67-1 |
| Snapcraft Snapd | <2.62 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6
- https://gld.mcphail.uk/posts/explaining-cve-2024-1724/
- https://github.com/snapcore/snapd/pull/13689
- https://nvd.nist.gov/vuln/detail/CVE-2024-1724
- https://gld.mcphail.uk/posts/explaining-cve-2024-1724
- https://github.com/advisories/GHSA-4mh8-9689-38vr (Advisory)
- https://pkg.go.dev/vuln/GO-2024-3007
- https://security-tracker.debian.org/tracker/CVE-2024-1724
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1724
- https://launchpad.net/bugs/cve/CVE-2024-1724
- https://ubuntu.com/security/CVE-2024-1724
Frequently Asked Questions
What is the severity of CVE-2024-1724?
CVE-2024-1724 has been classified as a medium severity vulnerability due to improper restrictions on the $HOME/bin path.
How do I fix CVE-2024-1724?
To fix CVE-2024-1724, upgrade snapd to version 2.62 or later.
Which versions of snapd are affected by CVE-2024-1724?
CVE-2024-1724 affects snapd versions prior to 2.62.
What impact does CVE-2024-1724 have on system security?
CVE-2024-1724 can allow an attacker to manipulate scripts in the $HOME/bin directory, potentially leading to privilege escalation.
Is there a patch available for CVE-2024-1724?
Yes, a patch is available in snapd versions 2.62 and higher.
- agent/weakness
- agent/title
- agent/type
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/github-advisory
- source/GitHub
- alias/GHSA-4mh8-9689-38vr
- alias/CVE-2024-1724
- agent/software-canonical-lookup
- collector/github-advisory-latest
- agent/remedy
- agent/severity
- agent/references
- agent/trending
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/source
- collector/security-tracker-debian
- source/Debian
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/go
- package-manager/debian
- vendor/canonical
- canonical/snapcraft snapd