Canonical Snapd Vulnerability Gives Root Access in Linux
#1
Quote: A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released two PoCs that use different methods to elevate privileges.

This vulnerability has since [Only registered and activated users can see links Click here to register] by Canonical, the maker of Ubuntu and the Snap framework, but unless admins install the snapd update, local users will be able to gain root level access to servers running the daemon.

Security researcher [Only registered and activated users can see links Click here to register], who [Only registered and activated users can see links Click here to register], told BleepingComputer in an interview that while he tested it only on Ubuntu, other Linux servers would most likely be affected.

"This bug would affect any Linux using snapd. Exploitation might vary, though. For example, dirty_sockv1 uses the create-user API. That API actually uses a back-end Linux command "adduser" which is not included in all distros of Linux (some just have useradd, for example). This is one of the reasons I worked really hard to get dirty_sockv2 working - that version lets me include any bash script I want so can be very portable."

SOURCE: [Only registered and activated users can see links Click here to register]