A security researcher from Shenanigans Labs, Chris Moberly, recently discovered a vulnerability affecting the Ubuntu operating system. The researcher named the vulnerability ‘Dirty Sock’ and noted that it is a local privilege escalation bug that could allow attackers to gain root-level access to the system. Moberly mentioned that the vulnerability does not exist in the Ubuntu OS itself, but in Snapd, which is included by default in all recent Ubuntu versions and in some other Linux distros.
Snapd is the daemon that manages ‘snaps’, a new app packaging format developed and used in Ubuntu apps since 2014. It allows users to download and install apps in the .snap file format. The vulnerability affects Snapd versions 2.28 and later.
Moberly stated that Snapd exposes a local REST API server that snap packages and the official Ubuntu Snap Store interact with while installing new apps (snaps).
The researcher said access control to restricted API functions is accomplished by querying the UID associated with any connections made to that socket, which allows users to access any API function. With access to the API functions, attackers will use different methods to gain root access.
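The sketch below is an added example, not code from Moberly or from Snapd. It shows one way a daemon listening on a local Unix socket can query the UID of a connecting process on Linux, using the kernel-supplied `SO_PEERCRED` option, and gate restricted functions on it. The route names and the `ROOT_ONLY` table are hypothetical.

```python
import os
import socket
import struct

# Hypothetical route table for illustration (not Snapd's real API paths).
ROOT_ONLY = {"/admin/users", "/admin/install"}

# Layout of struct ucred on Linux: pid_t pid; uid_t uid; gid_t gid;
UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a Unix socket.

    The kernel records these values when the connection is created, so they
    are not taken from anything the client sends or names.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def is_allowed(conn, path):
    """Authorize a request; fail closed if the peer UID cannot be read."""
    try:
        _pid, uid, _gid = peer_credentials(conn)
    except OSError:
        return False
    if path in ROOT_ONLY:
        return uid == 0
    return True


def demo():
    """Constructed sample: a connected socket pair inside this one process."""
    server_side, client_side = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        _pid, uid, _gid = peer_credentials(server_side)
        return {
            "uid": uid,
            "open": is_allowed(server_side, "/status"),
            "restricted": is_allowed(server_side, "/admin/users"),
        }
    finally:
        server_side.close()
        client_side.close()


if __name__ == "__main__":
    print(demo())
```

Run as an unprivileged user, the restricted route is refused while the open one is served; a socket whose credentials cannot be read is refused for every route.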
Moberly published Proof-of-Concept code on GitHub, written in Python, that exploits this API to create new root-level accounts. The researcher noted that malicious code exploiting the ‘Dirty Sock’ vulnerability can either be run directly on infected host systems or be hidden inside malicious snap packages, and that it will not work remotely.
Canonical released Snapd version 2.37.1 and also released security updates for the Ubuntu Linux OS to address the vulnerability, which is tracked as CVE-2019-7304. Other Linux distros that use Snapd, such as Debian, ArchLinux, OpenSUSE, Solus, and Fedora, also released security updates to fix the bug.