CVE-2022-3328 PoC — snapd 竞争条件问题漏洞

Source

https://github.com/Mr-xn/CVE-2022-3328

Associated Vulnerability

Title:snapd 竞争条件问题漏洞 (CVE-2022-3328)
Description:snapd是开源的一个跨平台的包管理工具。 snapd 存在安全漏洞，该漏洞源于当其准备私有/tmp挂载时，snapd snap- restrict二进制文件中发生竞争条件导致本地攻击者可能提升权限并执行任意代码。

Description

CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973

Readme

# CVE-2022-3328
CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973

from: 
https://www.qualys.com/2022/11/30/cve-2022-3328/advisory-snap.txt

https://blog.qualys.com/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328

File Snapshot


 [4.0K]  /data/pocs/f65cee874c5f0358a1a3fc0efc91862b9dc398e7
├── [ 15K]  advisory-snap.txt
└── [ 288]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!