Australian channel player finds big Linux bug


The Shenanigans Labs security team at Sydney channel player The Missing Link (TML) has discovered a big bug in Ubuntu Linux.

The “dirty sock” exploit, aka CVE-2019-7304, found by TML’s Chris Moberly, lets attackers gain root access on Ubuntu.

As explained by Canonical, the company backing Ubuntu Linux, “Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.”

The bug is a big deal because snapd, which runs Ubuntu’s new app-store-like software installation arrangements, does so with root privileges. And of course a user who gains root can do literally anything to a Linux machine.
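The advisory quoted above places the flaw in how the remote socket address was validated and parsed for access control on a UNIX socket. As an added example (not snapd's code and not from the original article), this Linux-only Go program shows the defensive pattern of authorising a UNIX-socket peer from the credentials the kernel records for the connection (`SO_PEERCRED`) and denying access when the lookup fails; the function names and the "uid 0 only" policy are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"syscall"
)

// peerCred asks the kernel for the pid/uid/gid of the process on the other
// end of a connected UNIX socket. The values come from SO_PEERCRED, which the
// kernel fills in at connect time, not from any address or name string.
func peerCred(fd int) (*syscall.Ucred, error) {
	return syscall.GetsockoptUcred(fd, syscall.SOL_SOCKET, syscall.SO_PEERCRED)
}

// mayUsePrivilegedAPI is a hypothetical policy: only a peer whose
// kernel-reported uid is 0 may call privileged endpoints. Any failure to
// obtain credentials denies access (fail closed).
func mayUsePrivilegedAPI(fd int) bool {
	cred, err := peerCred(fd)
	return err == nil && cred != nil && cred.Uid == 0
}

// demo builds a connected AF_UNIX pair (constructed input standing in for an
// accepted client connection) and returns the credentials the kernel reports
// for the peer, plus the policy decision for that peer.
func demo() (*syscall.Ucred, bool, error) {
	fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		return nil, false, err
	}
	defer syscall.Close(fds[0])
	defer syscall.Close(fds[1])

	cred, err := peerCred(fds[0])
	if err != nil {
		return nil, false, err
	}
	return cred, mayUsePrivilegedAPI(fds[0]), nil
}

func main() {
	cred, allowed, err := demo()
	if err != nil {
		fmt.Println("credential lookup failed, access denied:", err)
		return
	}
	fmt.Printf("peer pid=%d uid=%d gid=%d privileged=%v\n", cred.Pid, cred.Uid, cred.Gid, allowed)
}
```

Run as an unprivileged user, the program reports the caller's own uid and `privileged=false`.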

Moberly has explained the issue in great detail here.

TML researchers have form finding bugs – the company maintains a list of advisories spawned by its efforts here – but finding a big and nasty Linux bug is undoubtedly a feather in the company’s cap.

 

 

Copyright © CRN Australia. All rights reserved.