USN-4424-1: snapd vulnerabilities

USN-4424-1: snapd vulnerabilities

It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and
Ubuntu Core 18 devices ran on every boot without restrictions. A physical
attacker could exploit this to craft cloud-init user-data/meta-data via
external media to perform arbitrary changes on the device to bypass
intended security mechanisms such as full disk encryption. This issue did
not affect traditional Ubuntu systems. (CVE-2020-11933)

It was discovered that snapctl user-open allowed altering the XDG_DATA_DIRS
environment variable when calling the system xdg-open. A malicious snap
could exploit this to bypass intended access restrictions to control how
the host system xdg-open script opens the URL. This issue did not affect
Ubuntu Core systems. (CVE-2020-11934)
Source: USN-4424-1: snapd vulnerabilities

About KENNETH 19694 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.