CVE-2024-29069
📋 TL;DR
A symbolic link vulnerability in snapd versions before 2.62 allows attackers to write privileged information to world-readable directories. Attackers can exploit this by creating malicious snaps with specially crafted symbolic links. Users who install untrusted snaps on affected snapd versions are vulnerable.
💻 Affected Systems
- snapd
📦 What is this software?
Snapd by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Privileged information disclosure leading to privilege escalation or sensitive data exposure
Likely Case
Information disclosure of system files or snap configuration data
If Mitigated
No impact if only trusted snaps from official repositories are installed
🎯 Exploit Status
Requires convincing a user to install a malicious snap; exploitation requires knowledge of snap internals
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.62 and later
Vendor Advisory: https://github.com/snapcore/snapd/pull/13682
Restart Required: No
Instructions:
1. Update snapd: sudo snap refresh snapd
2. Verify version: snap version
3. Ensure version is 2.62 or higher
🔧 Temporary Workarounds
Restrict snap sources
Only install snaps from trusted sources like the official snap store
Disable snapd temporarily
Stop the snapd service if it is not needed
sudo systemctl stop snapd
sudo systemctl disable snapd
🧯 If You Can't Patch
- Only install snaps from official snap store
- Implement strict snap installation policies and user training
🔍 How to Verify
Check if Vulnerable:
Check snapd version: snap version | grep snapd
Check Version:
snap version | grep snapd
Verify Fix Applied:
Verify snapd version is 2.62 or higher: snap version
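The version check above can be scripted for fleet use. The following is an added example, not code from the snapd project or the advisory: it parses the `snapd` row of `snap version` output and compares it numerically against the 2.62 threshold stated on this page. The function names and the sample output are assumptions constructed for illustration, and versions carrying a `~` pre-release marker are reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example: decide from `snap version` text whether snapd has the 2.62 fix.
FIXED_MAJOR=2   # fix threshold from this page: 2.62 and later
FIXED_MINOR=62

# Constructed sample of `snap version` output (not captured from a real host).
sample_snap_version() {
    cat <<'EOF'
snap    2.61.3+22.04
snapd   2.61.3+22.04
series  16
ubuntu  22.04
kernel  5.15.0-101-generic
EOF
}

# Print the version column of the "snapd" row read from stdin.
snapd_version_from_output() {
    awk '$1 == "snapd" { print $2; exit }'
}

# Return 0 if $1 >= 2.62, 1 if older, 2 if it cannot be judged.
snapd_is_fixed() {
    ver=$1
    case $ver in *"~"*) return 2 ;; esac   # pre-release marker: review by hand
    core=${ver%%[+-]*}                     # drop packaging suffix (+22.04, -3.fc38)
    major=${core%%.*}
    rest=${core#*.}
    if [ "$rest" = "$core" ]; then return 2; fi   # no "major.minor" form
    minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    # Numeric comparison: as strings "2.9" would sort above "2.62".
    if [ "$major" -gt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; then return 0; fi
    return 1
}

# Read `snap version` output on stdin; print patched, vulnerable or unknown.
classify_snapd() {
    ver=$(snapd_version_from_output)
    if snapd_is_fixed "$ver"; then
        echo patched
    else
        case $? in 1) echo vulnerable ;; *) echo unknown ;; esac
    fi
}
```

On a live host, pipe the real output through the classifier with `snap version | classify_snapd`; an `unknown` result means the version string needs manual review.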
📡 Detection & Monitoring
Log Indicators:
- Unusual snap installation activity
- Snap installation from non-standard sources
Network Indicators:
- Downloads of snap packages from untrusted sources
SIEM Query:
process.name="snapd" AND event.action="install" AND NOT source.url CONTAINS "snapcraft.io"