vulnerability

Ubuntu: USN-2956-1 (CVE-2016-1580): ubuntu-core-launcher vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Apr 29, 2016	Apr 29, 2016	Apr 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Apr 29, 2016

Added

Apr 29, 2016

Modified

Apr 14, 2025

Description

Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly
sanitize its input and contained a logic error when determining the
mountpoint of bind mounts when using snaps on Ubuntu classic systems (eg,
traditional desktop and server). If a user were tricked into installing a
malicious snap with a crafted snap name, an attacker could perform a
delayed attack to steal data or execute code within the security context of
another snap. This issue did not affect Ubuntu Core systems.

Solution

ubuntu-upgrade-ubuntu-core-launcher

References

CVE-2016-1580
https://attackerkb.com/topics/CVE-2016-1580
NVD-CVE-2016-1580
UBUNTU-USN-2956-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today