Three Innocuous Linux Vulnerabilities Used to Gain Full Root Privileges


The Threat Research Unit at Qualys has demonstrated how a new Linux flaw could be combined with two other, seemingly unimportant flaws to grant full root privileges on a vulnerable system.

Race conditions exist in Snapd, a Canonical tool used for the Snap software packaging and deployment system, and the new vulnerability, tracked as CVE-2022-3328, affects it. The flaw specifically affects Snapd’s ‘snap-confine’ program, which creates the environment in which Snap applications run. The vulnerable programme comes preinstalled in Ubuntu, whose developers described CVE-2022-3328 as a high-severity flaw that can be used to execute arbitrary code and gain elevated local privileges.

Also Read: Three Strategies to Ensure Business Continuity After a Ransomware Attack

Researchers from Qualys have demonstrated how CVE-2022-3328 could be used in conjunction with other harmless vulnerabilities for a damaging attack.

Read More: Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.