Linux Distros Unpatched Vulnerability : CVE-2024-1724

🗓️ 05 Mar 2025 00:00:00Reported by TenableType

Linux hosts are vulnerable due to unpatched snapd flaw allowing unauthorized script execution.

Reporter	Title	Published	Views	Family All 29
Circl	CVE-2024-1724	2 Jul 202411:12	–	circl
CNNVD	snapd 安全漏洞	25 Jul 202400:00	–	cnnvd
CVE	CVE-2024-1724	25 Jul 202419:05	–	cve
Cvelist	CVE-2024-1724 snapd allows $HOME/bin symlink	25 Jul 202419:05	–	cvelist
Debian CVE	CVE-2024-1724	25 Jul 202419:05	–	debiancve
EUVD	EUVD-2024-2247	3 Oct 202520:07	–	euvd
Github Security Blog	snapd failed to restrict writes to the $HOME/bin path	25 Jul 202421:31	–	github
NVD	CVE-2024-1724	25 Jul 202419:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-6940-1)	2 Aug 202400:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-6940-2)	13 Jan 202500:00	–	openvas

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-1724
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(227585);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/09");

  script_cve_id("CVE-2024-1724");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2024-1724");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed
    to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to
    the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home'
    plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run
    by the user outside of the expected snap sandbox and hence allow them to escape confinement.
    (CVE-2024-1724)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-1724");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-1724");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-1724");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:snapd");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "golang-github-snapcore-snapd-dev"},
          {"reference": "snap-confine"},
          {"reference": "snapd"},
          {"reference": "ubuntu-core-launcher"}
        ]
      }
    ]
  },
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "golang-github-snapcore-snapd-dev"},
          {"reference": "golang-github-ubuntu-core-snappy-dev"},
          {"reference": "snap-confine"},
          {"reference": "snapd"},
          {"reference": "ubuntu-core-launcher"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

09 Aug 2025 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 3.16.3 - 8.2

EPSS0.00036

SSVC