Canonical Snapd Vulnerability Gives Root Access in Linux

[silversurfer]

A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released to PoCs that use different methods to elevate privileges.

This vulnerability has since been patched by Canonical, the maker of Ubuntu and the Snap framework, but unless admins install the snapd update, local users will be able to gain root level access to servers running the daemon.

Security researcher Chris Moberly, who discovered this bug, told BleepingComputer in an interview that while he tested it only on Ubuntu, other Linux servers would most likely be affected.

"This bug would affect any Linux using snapd. Exploitation might vary, though. For example, dirty_sockv1 uses the create-user API. That API actually uses a back-end Linux command "adduser" which is not included in all distros of Linux (some just have useradd, for example). This is one of the reasons I worked really hard to get dirty_sockv2 working - that version lets me include any bash script I want so can be very portable."

SOURCE: https://www.bleepingcomputer.com/news/se...-in-linux/