Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
References
Link | Resource |
---|---|
https://usn.ubuntu.com/3887-1/ | Vendor Advisory |
https://www.exploit-db.com/exploits/46361 | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/46362 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2019-02-12T00:00:00
Updated: 2019-04-23T15:57:32
Reserved: 2019-02-01T00:00:00
Link: CVE-2019-7304
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-23T16:29:10.797
Modified: 2022-11-30T21:52:11.113
Link: CVE-2019-7304
JSON object: View
Redhat Information
No data.
CWE