Linux Privilege Escalation via snapd (dirty_sock exploit)

CVE: CVE-2019-7304
Category: CWE-77
Price: Not specified
Severity: High
Author: Dominik Penner
Risk: High
Exploitation Type: Local
Date: 2019-02-24
CPE: cpe:/a:canonical:snapd
CVSS: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019020241

Below is a copy:

Linux Privilege Escalation via snapd (dirty_sock exploit)
In January 2019, Chris Moberly discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. This was due to a bug in the snapd API, a default service. Any local user could exploit this vulnerability to obtain immediate root access to the system.

While Ubuntu happens to include snapd by default, any Linux system with this package installed is vulnerable.

Two working exploits are provided in the dirty_sock repository (https://github.com/initstring/dirty_sock):

    dirty_sockv1: Uses the create-user API to create a local user based on details queried from the Ubuntu SSO.
    dirty_sockv2: Sideloads a Snap that contains an install-hook that generates a new local user.

Both are effective on default installations of Ubuntu. Testing was mostly completed on 18.10, but older versions are vulnerable as well.
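A defender-side check for traces of the second technique (a sideloaded snap carrying an install hook), added here as an example and not taken from the dirty_sock repository or the advisory. It assumes that snapd gives snaps installed from a local file a revision starting with "x" and that a snap's hooks are visible under /snap/<name>/<rev>/meta/hooks/; the function names and the sample `snap list` output are constructed for illustration.

```python
import os
import subprocess

# Constructed sample of `snap list` output (not captured from a real host).
SAMPLE_SNAP_LIST = """\
Name          Version  Rev   Tracking  Publisher  Notes
core          16-2.0   6350  stable    canonical  core
example-tool  0.1      x1    -         -          -
"""

def sideloaded_snaps(snap_list_output):
    """Return (name, rev) for snaps whose revision starts with 'x'.

    Assumption: snapd assigns x-prefixed revisions to snaps installed
    from a local file instead of from the store.
    """
    lines = snap_list_output.strip().splitlines()
    header = lines[0].split() if lines else []
    if "Name" not in header or "Rev" not in header:
        return []  # e.g. the "no snaps installed" message, or empty output
    name_i, rev_i = header.index("Name"), header.index("Rev")
    found = []
    for line in lines[1:]:
        cols = line.split()
        if len(cols) > rev_i and cols[rev_i].startswith("x"):
            found.append((cols[name_i], cols[rev_i]))
    return found

def has_install_hook(name, rev, snap_root="/snap"):
    """True if the mounted snap ships a meta/hooks/install script."""
    hook = os.path.join(snap_root, name, rev, "meta", "hooks", "install")
    return os.path.isfile(hook)

def audit(snap_list_output, snap_root="/snap"):
    """List sideloaded snaps and whether each one carries an install hook."""
    return [{"name": n, "rev": r, "install_hook": has_install_hook(n, r, snap_root)}
            for n, r in sideloaded_snaps(snap_list_output)]

if __name__ == "__main__":
    try:
        out = subprocess.run(["snap", "list"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_SNAP_LIST  # fall back to the constructed sample
    for row in audit(out):
        print(row)
```

A snap that was removed after installation no longer appears in `snap list`, so an empty result does not rule out earlier sideloading; review local accounts and sudoers entries as well.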
