CVE-2021-4120 - OpenCVE

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux Snapd
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/02/18/2	Exploit Mailing List Third Party Advisory
https://bugs.launchpad.net/snapd/+bug/1949368	Exploit Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/
https://ubuntu.com/security/notices/USN-5292-1	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2022-02-17T22:15:21

Updated: 2022-02-20T02:06:22

Reserved: 2021-12-14T00:00:00

Link: CVE-2021-4120

JSON object: View

NVD Information

Status : Modified

Published: 2022-02-17T23:15:07.550

Modified: 2023-11-07T03:40:12.727

Link: CVE-2021-4120

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "snapd", "vendor": "Canonical Ltd.", "versions": [{"lessThanOrEqual": "2.54.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ian Johnson"}], "descriptions": [{"lang": "en", "value": "snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-20T02:06:22", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ubuntu.com/security/notices/USN-5292-1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/snapd/+bug/1949368"}, {"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"}, {"name": "FEDORA-2022-82bea71e5a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"}, {"name": "FEDORA-2022-5df8b52ba4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"}], "source": {"defect": ["https://launchpad.net/bugs/1949368"], "discovery": "INTERNAL"}, "title": "snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2021-4120", "STATE": "PUBLIC", "TITLE": "snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "snapd", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.54.2"}]}}]}, "vendor_name": "Canonical Ltd."}]}}, "credit": [{"lang": "eng", "value": "Ian Johnson"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://ubuntu.com/security/notices/USN-5292-1", "refsource": "MISC", "url": "https://ubuntu.com/security/notices/USN-5292-1"}, {"name": "https://bugs.launchpad.net/snapd/+bug/1949368", "refsource": "MISC", "url": "https://bugs.launchpad.net/snapd/+bug/1949368"}, {"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"}, {"name": "FEDORA-2022-82bea71e5a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"}, {"name": "FEDORA-2022-5df8b52ba4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"}]}, "source": {"defect": ["https://launchpad.net/bugs/1949368"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2021-4120", "datePublished": "2022-02-17T22:15:21", "dateReserved": "2021-12-14T00:00:00", "dateUpdated": "2022-02-20T02:06:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*", "matchCriteriaId": "90115CE1-12C4-4504-A1A2-9C118694C398", "versionEndIncluding": "2.54.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}, {"lang": "es", "value": "snapd versi\u00f3n 2.54.2, no lleva a cabo una comprobaci\u00f3n suficiente de la interfaz de contenido de snap y de las rutas de dise\u00f1o, resultando en una posibilidad de que los snaps inyecten reglas de pol\u00edtica de AppArmor arbitrarias por medio de declaraciones de interfaz de contenido y de dise\u00f1o mal formadas y, por tanto, escapen al confinamiento estricto de snap. Corregido en snapd versiones 2.54.3+18.04, 2.54.3+20.04 y 2.54.3+21.10.1"}], "id": "CVE-2021-4120", "lastModified": "2023-11-07T03:40:12.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2022-02-17T23:15:07.550", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/snapd/+bug/1949368"}, {"source": "security@ubuntu.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"}, {"source": "security@ubuntu.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"}, {"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://ubuntu.com/security/notices/USN-5292-1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@ubuntu.com", "type": "Secondary"}]}