ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.
References
Link | Resource |
---|---|
https://forum.snapcraft.io/t/ownership-bug-in-ubuntu-image/1285 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-07-11T17:00:00
Updated: 2017-07-11T16:57:01
Reserved: 2017-06-28T00:00:00
Link: CVE-2017-10600
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-07-11T17:29:00.177
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-10600
JSON object: View
Redhat Information
No data.
CWE