Dismiss this notice
Ashampoo Photo Optimizer 7 New Year 2019 Giveaway-https://www.geeks.fyi/showthread.php?tid=4948

Dismiss this notice
MakeUSLaugh_HitmanPro.Alert New Year 2019 Giveaway- https://www.geeks.fyi/showthread.php?tid=4946

Dismiss this notice
Ashampoo Burning Studio 20 New Year 2019 Giveaway- https://www.geeks.fyi/showthread.php?tid=4947

Dismiss this notice
PowerISO New Year 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=5170


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Canonical Snapd Vulnerability Gives Root Access in Linux
#1
Quote:A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released to PoCs that use different methods to elevate privileges.

This vulnerability has since been patched by Canonical, the maker of Ubuntu and the Snap framework, but unless admins install the snapd update, local users will be able to gain root level access to servers running the daemon.

Security researcher Chris Moberly, who discovered this bug, told BleepingComputer in an interview that while he tested it only on Ubuntu, other Linux servers would most likely be affected.

"This bug would affect any Linux using snapd. Exploitation might vary, though. For example, dirty_sockv1 uses the create-user API. That API actually uses a back-end Linux command "adduser" which is not included in all distros of Linux (some just have useradd, for example). This is one of the reasons I worked really hard to get dirty_sockv2 working - that version lets me include any bash script I want so can be very portable."

SOURCE: https://www.bleepingcomputer.com/news/se...-in-linux/
[-] The following 2 users say Thank You to silversurfer for this post:
  • darktwilight, harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Latest Threads
GridinSoft Anti-Malware Valentine Giveaw...
Last Post: deathsmear
Today 23:43
» Replies: 0
» Views: 2
Gridinsoft Anti-Malware 50% OFF
Last Post: deathsmear
Today 23:40
» Replies: 0
» Views: 2
Marriott now lets you check if you’re a ...
Last Post: Toligo
Today 23:01
» Replies: 0
» Views: 18
How AI and machine learning can help you...
Last Post: Toligo
Today 22:58
» Replies: 0
» Views: 31
Five emerging cybersecurity threats you ...
Last Post: Toligo
Today 22:51
» Replies: 0
» Views: 24
Twitter has been storing your ‘deleted’ ...
Last Post: Toligo
Today 22:48
» Replies: 0
» Views: 15
Ransomware attackers exploit old plug-in...
Last Post: Toligo
Today 22:45
» Replies: 0
» Views: 20
Using Machine Learning to Detect Malware...
Last Post: Toligo
Today 22:44
» Replies: 0
» Views: 37
G DATA Security Blog_DeepRay foils cyber...
Last Post: jasonX
Today 18:34
» Replies: 0
» Views: 28
G DATA Security Blog_Emotet: G DATA expl...
Last Post: jasonX
Today 18:31
» Replies: 0
» Views: 26
G DATA Antivirus Software 2019
Last Post: jasonX
Today 18:23
» Replies: 0
» Views: 9
The hacking strategies that will dominat...
Last Post: Toligo
Today 17:37
» Replies: 0
» Views: 23
PC Game Giveaway: EMMA The Story
Last Post: sinanogz
Today 15:26
» Replies: 0
» Views: 28
Microsoft Edge, Google Chrome Will Be Ab...
Last Post: silversurfer
Today 10:15
» Replies: 0
» Views: 34
Google working on new Chrome security fe...
Last Post: silversurfer
Today 10:10
» Replies: 0
» Views: 35
[Official] MakeUSLaugh_HitmanPro.Alert N...
Last Post: jasonX
Today 07:17
» Replies: 14
» Views: 1058
Sandboxie updates
Last Post: silversurfer
Yesterday 22:32
» Replies: 3
» Views: 399
Mozilla to harden Firefox defenses with ...
Last Post: Toligo
Yesterday 22:21
» Replies: 2
» Views: 31
Vox Media targets YouTuber that parodied...
Last Post: Toligo
Yesterday 22:18
» Replies: 0
» Views: 37
Bank of Valleta Shuts Down Their Service...
Last Post: Toligo
Yesterday 22:06
» Replies: 0
» Views: 39

[-]
Staffs Online
harlan4096's profile harlan4096
Administrator