Back to search
CVE-2017-10600
Published: Jul 11, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://forum.snapcraft.io/t/ownership-bug-in-ubuntu-image/1285
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now