2016-04-29 13:53:20 |
Zygmunt Krynicki |
bug |
|
|
added bug |
2016-04-29 13:53:20 |
Zygmunt Krynicki |
attachment added |
|
simple untested fix highlighting the problem https://bugs.launchpad.net/bugs/1576699/+attachment/4651388/+files/fix.patch |
|
2016-04-29 14:05:51 |
Zygmunt Krynicki |
description |
A review of ubuntu-core-launcher code has found that setup_snappy_os_mounts() uses a glob with a potential for security exploit if the attacker can convince an user to install a malicious having a name starting with "ubuntu-core-".
Due to the glob the launcher may, at random, depending on glob result ordering, choose to mount that snap instead of the real ubuntu-core snap into the filesystem namespace of all newly started application processes.
The bug is possible due to incorrect glob and due to incorrect size check. |
A review of ubuntu-core-launcher code has found that setup_snappy_os_mounts() uses a glob with a potential for security exploit if the attacker can convince an user to install a malicious snap having a name starting with "ubuntu-core-".
Due to the glob the launcher may, at random, depending on glob result ordering, choose to mount that snap instead of the real ubuntu-core snap into the filesystem namespace of all newly started application processes.
The bug is possible due to incorrect glob and due to incorrect size check. |
|
2016-04-29 14:10:23 |
Jamie Strandboge |
bug |
|
|
added subscriber Michael Vogt |
2016-04-29 14:16:39 |
Michael Vogt |
ubuntu-core-launcher (Ubuntu): importance |
Undecided |
Critical |
|
2016-04-29 14:16:44 |
Michael Vogt |
ubuntu-core-launcher (Ubuntu): status |
New |
Triaged |
|
2016-04-29 14:18:16 |
Jamie Strandboge |
ubuntu-core-launcher (Ubuntu): importance |
Critical |
High |
|
2016-04-29 14:42:20 |
Zygmunt Krynicki |
description |
A review of ubuntu-core-launcher code has found that setup_snappy_os_mounts() uses a glob with a potential for security exploit if the attacker can convince an user to install a malicious snap having a name starting with "ubuntu-core-".
Due to the glob the launcher may, at random, depending on glob result ordering, choose to mount that snap instead of the real ubuntu-core snap into the filesystem namespace of all newly started application processes.
The bug is possible due to incorrect glob and due to incorrect size check. |
A review of ubuntu-core-launcher code has found that setup_snappy_os_mounts() uses a glob with a potential for security exploit if the attacker can convince an user to install a malicious snap having a name starting with "ubuntu-core".
Due to the glob the launcher may, at random, depending on glob result ordering, choose to mount that snap instead of the real ubuntu-core snap into the filesystem namespace of all newly started application processes.
The bug is possible due to incorrect glob and due to incorrect size check. |
|
2016-04-29 14:47:46 |
Marc Deslauriers |
cve linked |
|
2016-1580 |
|
2016-04-29 16:54:23 |
Launchpad Janitor |
ubuntu-core-launcher (Ubuntu): status |
Triaged |
Fix Released |
|
2016-04-29 16:54:37 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Yakkety |
|
2016-04-29 16:54:37 |
Jamie Strandboge |
bug task added |
|
ubuntu-core-launcher (Ubuntu Yakkety) |
|
2016-04-29 16:54:37 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Xenial |
|
2016-04-29 16:54:37 |
Jamie Strandboge |
bug task added |
|
ubuntu-core-launcher (Ubuntu Xenial) |
|
2016-04-29 16:54:46 |
Jamie Strandboge |
ubuntu-core-launcher (Ubuntu Yakkety): status |
Fix Released |
New |
|
2016-04-29 16:54:55 |
Jamie Strandboge |
ubuntu-core-launcher (Ubuntu Xenial): importance |
Undecided |
High |
|
2016-04-29 16:55:06 |
Jamie Strandboge |
ubuntu-core-launcher (Ubuntu Xenial): status |
New |
Fix Released |
|
2016-04-29 16:55:12 |
Jamie Strandboge |
ubuntu-core-launcher (Ubuntu Yakkety): status |
New |
In Progress |
|
2016-04-29 16:55:14 |
Jamie Strandboge |
ubuntu-core-launcher (Ubuntu Xenial): assignee |
|
Jamie Strandboge (jdstrand) |
|
2016-04-29 16:55:16 |
Jamie Strandboge |
ubuntu-core-launcher (Ubuntu Yakkety): assignee |
|
Jamie Strandboge (jdstrand) |
|
2016-04-29 16:55:46 |
Jamie Strandboge |
information type |
Private Security |
Public Security |
|
2016-04-29 17:05:13 |
Jamie Strandboge |
ubuntu-core-launcher (Ubuntu Yakkety): status |
In Progress |
Fix Committed |
|
2016-04-29 19:02:16 |
Launchpad Janitor |
ubuntu-core-launcher (Ubuntu Yakkety): status |
Fix Committed |
Fix Released |
|