Australian channel player finds big Linux bug

By on
Australian channel player finds big Linux bug

The Shenanigans Labs security team at Sydney channel player The Missing Link (TML) has discovered a big bug in Ubuntu Linux.

The “dirty sock” exploit, aka CVE-2019-7304, found by TML’s Chris Moberly, lets attackers gain access to root on Ubuntu.

As explained by Canonical, the company backing Ubuntu Linux, “Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.”

The bug is a big deal because snapd runs Ubuntu’s new app-store-like software installation arrangements and does so with root privileges. And of course a user that gains root can do literally anything to a Linux machine.

Moberly has explained the issue in great detail here.

TML researchers have form finding bugs – the company maintains a list of advisories spawned by its efforts here – but finding a big and nasty Linux bug is undoubtedly a feather in the company’s cap.



Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?