CVE-2023-1523
Vulnerability from cvelistv5
Published
2023-09-01 18:41
Modified
2024-10-01 13:08
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
References
security@ubuntu.comhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523Third Party Advisory
security@ubuntu.comhttps://github.com/snapcore/snapd/pull/12849Issue Tracking, Patch
security@ubuntu.comhttps://marc.info/?l=oss-security&m=167879021709955&w=2Exploit, Mailing List
security@ubuntu.comhttps://ubuntu.com/security/notices/USN-6125-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/snapcore/snapd/pull/12849Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://marc.info/?l=oss-security&m=167879021709955&w=2Exploit, Mailing List
af854a3a-2127-422b-91ae-364da2661108https://ubuntu.com/security/notices/USN-6125-1Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-6125-1"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/snapcore/snapd/pull/12849"
          },
          {
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1523",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T13:08:37.894449Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T13:08:45.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/snapcore/snapd/releases",
          "packageName": "snapd",
          "platforms": [
            "Linux"
          ],
          "product": "snapd",
          "repo": "https://github.com/snapcore/snapd",
          "vendor": "Canonical Ltd.",
          "versions": [
            {
              "status": "unaffected",
              "version": "2.59.5"
            }
          ]
        }
      ],
      "datePublic": "2023-05-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-01T18:41:47.820Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-6125-1"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/snapcore/snapd/pull/12849"
        },
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2023-1523",
    "datePublished": "2023-09-01T18:41:47.820Z",
    "dateReserved": "2023-03-20T17:41:17.600Z",
    "dateUpdated": "2024-10-01T13:08:45.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-1523\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2023-09-01T19:15:42.707\",\"lastModified\":\"2024-11-21T07:39:21.537\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.\"},{\"lang\":\"es\",\"value\":\"Utilizando la petici\u00f3n IOCTL de TIOCLINUX, un snap malicoso podr\u00eda inyectar contenido en la entrada del terminal de control, lo que podr\u00eda permitir que se ejecutaran comandos arbitrarios fuera del sandbox del snap despu\u00e9s de que \u00e9ste saliera. Los emuladores gr\u00e1ficos de terminal como xterm, gnome-terminal y otros no se ven afectados. Esto s\u00f3lo puede ser explotado cuando los snaps se ejecutan en una consola virtual. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.59.5\",\"matchCriteriaId\":\"DB4DC58F-3258-44BA-B2C2-228E98A40282\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"B3293E55-5506-4587-A318-D1734F781C09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"359012F1-2C63-415A-88B8-6726A87830DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"47842532-D2B6-44CB-ADE2-4AC8630A4D8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2E702D7-F8C0-49BF-9FFB-883017076E98\"}]}]}],\"references\":[{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/snapcore/snapd/pull/12849\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"https://ubuntu.com/security/notices/USN-6125-1\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/snapcore/snapd/pull/12849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://marc.info/?l=oss-security\u0026m=167879021709955\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"https://ubuntu.com/security/notices/USN-6125-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.