Dismiss this notice
Master PDF Editor Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6240

Dismiss this notice
Avast Premier Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6095

Dismiss this notice
Ashampoo Snap 10 Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6241

Dismiss this notice
Backup4all Professional Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6464


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Canonical Snapd Vulnerability Gives Root Access in Linux
#1
Quote:A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released to PoCs that use different methods to elevate privileges.

This vulnerability has since been patched by Canonical, the maker of Ubuntu and the Snap framework, but unless admins install the snapd update, local users will be able to gain root level access to servers running the daemon.

Security researcher Chris Moberly, who discovered this bug, told BleepingComputer in an interview that while he tested it only on Ubuntu, other Linux servers would most likely be affected.

"This bug would affect any Linux using snapd. Exploitation might vary, though. For example, dirty_sockv1 uses the create-user API. That API actually uses a back-end Linux command "adduser" which is not included in all distros of Linux (some just have useradd, for example). This is one of the reasons I worked really hard to get dirty_sockv2 working - that version lets me include any bash script I want so can be very portable."

SOURCE: https://www.bleepingcomputer.com/news/se...-in-linux/
[-] The following 2 users Like silversurfer's post:
  • darktwilight, harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Latest Threads
Try Out the Reader Mode in Microsoft’s N...
Last Post: silversurfer
Yesterday 14:13
» Replies: 0
» Views: 31
Microsoft Brings a Key Security Feature ...
Last Post: silversurfer
Yesterday 14:13
» Replies: 0
» Views: 30
PC Game Giveaway:Assassins Creed Unity
Last Post: sinanogz
Yesterday 10:57
» Replies: 0
» Views: 27
LibreOffice 6.1.2
Last Post: JM Safe
Yesterday 09:53
» Replies: 5
» Views: 200
WhatsApp Will Allow Users to Block Conve...
Last Post: JM Safe
Yesterday 09:51
» Replies: 1
» Views: 32
Avast Blog_Security News: Facebook wants...
Last Post: harlan4096
Yesterday 07:51
» Replies: 0
» Views: 29
Avast Blog_Tips & Advices: Are budget-tr...
Last Post: harlan4096
Yesterday 07:49
» Replies: 0
» Views: 24
Emsisoft Anti-Malware named one of AVLab...
Last Post: harlan4096
Yesterday 07:41
» Replies: 0
» Views: 52
Next generation antivirus: the future of...
Last Post: harlan4096
Yesterday 07:38
» Replies: 0
» Views: 38
10 Chrome Extensions to Boost Your Onlin...
Last Post: harlan4096
Yesterday 07:31
» Replies: 0
» Views: 26
Microsoft Announces Surface Hub 2S: 50-I...
Last Post: harlan4096
Yesterday 07:26
» Replies: 0
» Views: 21
AMD 50th Anniversary Ryzen CPUs Listed A...
Last Post: harlan4096
Yesterday 07:24
» Replies: 0
» Views: 17
The Huawei P30 & P30 Pro Reviews: Photog...
Last Post: harlan4096
Yesterday 07:22
» Replies: 0
» Views: 28
Samsung Completes Development of 5nm EUV...
Last Post: harlan4096
Yesterday 07:20
» Replies: 0
» Views: 26
TSMC Reveals 6 nm Process Technology: 7 ...
Last Post: harlan4096
Yesterday 07:16
» Replies: 0
» Views: 23
8 ways in which Microsoft Edge (Chromium...
Last Post: harlan4096
Yesterday 07:11
» Replies: 0
» Views: 28
Google to present browser and search cho...
Last Post: harlan4096
Yesterday 07:09
» Replies: 0
» Views: 22
Ubuntu 19.04 is out
Last Post: harlan4096
Yesterday 07:07
» Replies: 0
» Views: 19
Start Menu gets its own process and a pe...
Last Post: harlan4096
Yesterday 07:04
» Replies: 0
» Views: 25
Microsoft explains how Dynamic Updates w...
Last Post: harlan4096
Yesterday 07:02
» Replies: 0
» Views: 25

[-]
Staffs Online
There are no staff members currently online.