snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/04/25/7 | Third Party Advisory |
https://github.com/snapcore/snapd/pull/6642 | Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VACEKVQ7UAZ32WO4ZKCFW6YOBSYJ76L/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPU6APEZHAA7N2AI57OT4J2P7NKHFOLM/ | |
https://www.openwall.com/lists/oss-security/2019/04/18/4 | Mailing List Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-24T20:02:44
Updated: 2019-07-13T02:06:04
Reserved: 2019-04-24T00:00:00
Link: CVE-2019-11503
JSON object: View
NVD Information
Status : Modified
Published: 2019-04-24T21:29:00.820
Modified: 2023-11-07T03:03:02.650
Link: CVE-2019-11503
JSON object: View
Redhat Information
No data.
CWE