Linux Privilege Escalation via snapd using dirty_sock exploit and demonstration of CVE-2019-7304

Background

What is Snap?

Vulnerability Overview

Vulnerability details

Demonstration

First, we check whether the installed snapd version is vulnerable (USN-3887-1: snapd vulnerability, n.d.). Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing a local attacker to run arbitrary commands as root; the issue affects snapd versions prior to 2.37.1. Note that the snap version command prints both the snap client version and the snapd daemon version, and it is the daemon version that matters here, because the faulty owner check lives in the daemon. In our case the reported version is 2.21, which falls in the affected range (CVE-2019-7304 (retired), n.d.). Fig.1
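The version triage above is easy to get wrong by eye (client versus daemon line, distro suffixes such as +18.04). The script below is an added example, not code from the article or from the dirty_sock project: it parses snap version output, picks the snapd daemon line, and compares it numerically against the 2.37.1 fix version from USN-3887-1. The two sample outputs are constructed for the example, and the live check at the end only runs when a snap binary is present.

```shell
#!/bin/sh
# Added example: decide from a version string alone whether a snapd build is
# affected by CVE-2019-7304 (fixed in 2.37.1 per USN-3887-1).

# Return 0 (true) if dotted version $1 is strictly lower than $2.
# Non-numeric suffixes inside a field (2.37.1+18.04, 2.37.1ubuntu1) are
# dropped per field so that distro builds compare by their numeric part.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        case "$a" in *.*) af="${a%%.*}"; a="${a#*.}";; *) af="$a"; a="";; esac
        case "$b" in *.*) bf="${b%%.*}"; b="${b#*.}";; *) bf="$b"; b="";; esac
        af="${af%%[!0-9]*}"; bf="${bf%%[!0-9]*}"
        [ -z "$af" ] && af=0
        [ -z "$bf" ] && bf=0
        if [ "$af" -lt "$bf" ]; then return 0; fi
        if [ "$af" -gt "$bf" ]; then return 1; fi
    done
    return 1
}

# Pull the daemon version out of `snap version` output. The "snapd" line is
# the one that matters; the "snap" line is the client binary, and the two can
# differ on a host whose core snap has been refreshed but not restarted.
snapd_version_from_output() {
    printf '%s\n' "$1" | awk '$1 == "snapd" { print $2; exit }'
}

# Verdict for one host's `snap version` output.
# Prints a one-line verdict; returns 0 if vulnerable, 1 if patched, 2 if unknown.
check_snapd() {
    v="$(snapd_version_from_output "$1")"
    if [ -z "$v" ]; then
        echo "unknown (no snapd line in input)"
        return 2
    fi
    if version_lt "$v" 2.37.1; then
        echo "vulnerable (snapd $v < 2.37.1)"
        return 0
    fi
    echo "patched (snapd $v)"
    return 1
}

# Constructed sample outputs in the layout `snap version` prints (not captured
# from the article's host).
OLD='snap    2.21
snapd   2.21
series  16
ubuntu  16.04
kernel  4.4.0-87-generic'

FIXED='snap    2.37.1
snapd   2.37.1+18.04
series  16
ubuntu  18.04
kernel  4.15.0-45-generic'

echo "sample old host:   $(check_snapd "$OLD")"
echo "sample fixed host: $(check_snapd "$FIXED")"

# Live check on the current machine, only when snap is installed.
if command -v snap >/dev/null 2>&1; then
    echo "this host:         $(check_snapd "$(snap version 2>/dev/null)")" || true
fi
```

The comparison is deliberately field-by-field rather than a string compare, so 2.37.1 is correctly judged newer than 2.4 and a distro build such as 2.37.1+18.04 is recognised as patched; dpkg --compare-versions would do the same job on Debian-family hosts, but the pure-sh form also runs on images that have snapd without dpkg.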

Remediation

The main remedy is to patch the affected system. The snapd team fixed the issue promptly after disclosure (Local privilege escalation via snapd socket, n.d.). On Ubuntu systems with snaps installed, snapd will typically have refreshed itself automatically to 2.37.1 or later, which is unaffected; confirm this with the snap version command rather than assuming the refresh has already happened.
