Improper Mount Point Determination in ubuntu-core-launcher Package

Improper Mount Point Determination in ubuntu-core-launcher Package

CVE-2016-1580 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."

Learn more about our Cis Benchmark Audit For Bind.