Australian channel player finds big Linux bug

The Shenanigans Labs security team at Sydney channel player The Missing Link (TML) has discovered a big bug in Ubuntu Linux.

The “dirty sock” exploit, aka CVE-2019-7304, found by TML’s Chris Moberly, lets attackers gain root access on Ubuntu.

As explained by Canonical, the company backing Ubuntu Linux, “Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.”
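To see whether a host's snapd falls in the range Canonical quotes, the following added example (not code from Canonical or TML) classifies the output of `snap version`. The sample outputs are constructed, and treating everything from 2.28 up to but excluding 2.37.1 as in range is an assumption drawn from the quote. A distribution package can carry a backported fix under an older upstream number, so a hit is a prompt to check the vendor's advisory rather than proof of exposure.

```python
import re
import subprocess

# Range quoted from Canonical's advisory: 2.28 through 2.37, with 2.37.1 unaffected.
FIRST_AFFECTED = (2, 28, 0)
FIRST_FIXED = (2, 37, 1)


def snapd_version(snap_version_output):
    """Return the snapd version string from `snap version` output, or None."""
    m = re.search(r"^snapd\s+(\S+)", snap_version_output, re.MULTILINE)
    return m.group(1) if m else None


def upstream_tuple(version):
    """'2.34.2+18.04' -> (2, 34, 2); None if there is no leading numeric part."""
    m = re.match(r"\d+(?:\.\d+)*", version or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    parts += [0] * (3 - len(parts))  # pad so 2.37 compares as 2.37.0
    return tuple(parts)


def classify(snap_version_output):
    """Return 'affected-range', 'outside-range' or 'unknown'."""
    v = upstream_tuple(snapd_version(snap_version_output))
    if v is None:
        return "unknown"  # daemon not reporting a version: investigate by hand
    return "affected-range" if FIRST_AFFECTED <= v < FIRST_FIXED else "outside-range"


# Constructed samples in the layout `snap version` prints.
SAMPLE_OLD = "snap    2.34.2+18.04\nsnapd   2.34.2+18.04\nseries  16\n"
SAMPLE_FIXED = "snap    2.37.1\nsnapd   2.37.1\nseries  16\n"
SAMPLE_DOWN = "snap    2.37\nsnapd   unavailable\nseries  -\n"

if __name__ == "__main__":
    try:
        out = subprocess.run(["snap", "version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_OLD  # no snap CLI here: fall back to a constructed sample
    print(snapd_version(out), "->", classify(out))
```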

The bug is a big deal because snapd runs Ubuntu’s new app-store-like software installation arrangements and does so with root privileges. And of course a user that gains root can do literally anything to a Linux machine.

Moberly has explained the issue in great detail here.

TML researchers have form finding bugs – the company maintains a list of advisories spawned by its efforts here – but finding a big and nasty Linux bug is undoubtedly a feather in the company’s cap.

Copyright © CRN Australia. All rights reserved.