Australian channel player finds big Linux bug


The Shenanigans Labs security team at Sydney channel player The Missing Link (TML) has discovered a big bug in Ubuntu Linux.

The “dirty sock” exploit, aka CVE-2019-7304, found by TML’s Chris Moberly, lets attackers gain root access on Ubuntu.

As explained by Canonical, the company backing Ubuntu Linux, “Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.”
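A defender's check for the version range in Canonical's statement, as an added example that is not from the article, from Moberly or from Canonical. The function names and the sample `snap version` output are constructed for illustration, and the comparison assumes that only the leading upstream version number matters.

```shell
#!/bin/sh
# Added example: classify a snapd version against the range quoted above:
# 2.28 through 2.37 affected, 2.37.1 unaffected.

# Pull the snapd version out of `snap version` output read from stdin.
snapd_version_from_output() {
    awk '$1 == "snapd" { print $2; exit }'
}

# Print "affected", "not-affected" or "unknown" for one version string.
# Assumption: only the leading numeric upstream part is compared, so a
# suffix such as "+18.04" is ignored and a distro build that backported the
# fix under an older upstream number is still reported as "affected".
snapd_status() {
    ds_v=${1%%[!0-9.]*}          # cut at the first char that is not digit/dot
    case $ds_v in
        ''|.*|*..*) echo unknown; return 0 ;;
    esac
    echo "$ds_v" | awk -F. '{
        n = $1 * 1000000 + $2 * 1000 + $3    # missing fields count as 0
        if (n >= 2028000 && n < 2037001) { print "affected" }
        else { print "not-affected" }
    }'
}

# Constructed sample of `snap version` output (not captured from a real host).
SAMPLE_OUTPUT='snap    2.34.2
snapd   2.34.2
series  16
ubuntu  18.04
kernel  4.15.0-45-generic'

# On a live host: snapd_status "$(snap version | snapd_version_from_output)"
sample_version=$(printf '%s\n' "$SAMPLE_OUTPUT" | snapd_version_from_output)
echo "sample host: snapd $sample_version -> $(snapd_status "$sample_version")"

# Boundary cases around the quoted range, plus one non-numeric input.
for ds_try in 2.27.6 2.28 2.37 2.37.1 2.37.1+18.04 unavailable; do
    echo "$ds_try -> $(snapd_status "$ds_try")"
done
```

A result of "affected" on a distribution package means the package changelog still needs checking, since this comparison cannot see a backported fix.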

The bug is a big deal because snapd runs Ubuntu’s new app-store-like software installation arrangements and does so with root privileges. And of course a user who gains root can do literally anything to a Linux machine.

Moberly has explained the issue in great detail here.

TML researchers have form finding bugs – the company maintains a list of advisories spawned by its efforts here – but finding a big and nasty Linux bug is undoubtedly a feather in the company’s cap.

Copyright © CRN Australia. All rights reserved.