The Shenanigans Labs security team at Sydney channel player The Missing Link (TML) has discovered a big bug in Ubuntu Linux.
The “dirty sock” exploit, aka CVE-2019-7304, found by TML’s Chris Moberly, lets local attackers gain root access on Ubuntu.
As explained by Canonical, the company backing Ubuntu Linux, “Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.”
The bug is a big deal because snapd runs Ubuntu’s new app-store-like software installation arrangements and does so with root privileges. And of course a user who gains root can do literally anything to a Linux machine.
Moberly has explained the issue in great detail here.
TML researchers have form finding bugs – the company maintains a list of advisories spawned by its efforts here – but finding a big and nasty Linux bug is undoubtedly a feather in the company’s cap.