Snapd vulnerability allows privilege escalation on Linux systems

Various Linux distributions might be affected by this security issue

A critical privilege-escalation vulnerability could give attackers total control of a compromised system. According to network security and ethical hacking specialists from the International Institute of Cyber Security, users of Ubuntu and some other Linux distributions could be affected.

The vulnerability is tracked as CVE-2019-7304 and was discovered by a network security expert, who reported it to Canonical, the developer of Ubuntu. Nicknamed “Dirty_Sock”, it resides in the REST API of the snapd service, a universal packaging system for Linux that makes an application compatible with various distributions without further modifications.

The snapd service was developed by Canonical and is installed by default in Ubuntu; it is also used by other Linux distributions, such as Debian, openSUSE, Arch Linux and Fedora.

According to network security specialists, snap packages are compressed applications bundled with their dependencies, and they also include instructions on how to run and interact with other programs on various Linux desktop systems, IoT and cloud-hosted devices.

Snap hosts a local web server that exposes a list of RESTful APIs, which the service uses to perform multiple actions on the operating system. These REST APIs have access control that defines user-level permissions for certain tasks, while some other APIs are available only to root users.

An error in the access control process allows attackers to overwrite the user ID and so access any API function, including those restricted to root users. “A local attacker could use this to access the privileged APIs and obtain administrator privileges”, mentions an Ubuntu security alert.

It is worth noting that the Dirty_Sock vulnerability is not exploitable remotely.

Vulnerability-discovery experts released two proof-of-concept exploits on GitHub. One of the exploits requires an SSH connection, while the second is able to download a malicious plugin.

Canonical has just released snapd 2.37.1 to fix this security flaw. Ubuntu and other widely used Linux distributions have also released their own versions of the fix.

Linux distribution users must update their systems as soon as possible to avoid any risk of exploitation.
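
To check whether a host still needs the update, the following added example (not code from the article, Canonical or the researchers) compares the installed snapd version with the 2.37.1 release named above. The function names are hypothetical, and the script assumes the usual `snap version` output layout and GNU `sort -V`. Because distributions ship their own patched builds, a `REVIEW` result means the package should be checked against the distribution's advisory, not that the host is confirmed vulnerable.

```bash
#!/usr/bin/env bash
# Added example: flag snapd builds older than the fixed release named in the article.
FIXED="2.37.1"   # fixed snapd release, from the article

# Strip distro suffixes: "2.34.2+18.04" -> "2.34.2", "2.35-1.fc29" -> "2.35".
upstream_version() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*).*/\1/'
}

# Succeeds when version $1 >= version $2 (relies on GNU `sort -V`).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Read `snap version` output on stdin and print the snapd field.
parse_snapd_version() {
    awk '$1 == "snapd" { print $2; exit }'
}

# Print OK, REVIEW or UNKNOWN for a raw snapd version string.
classify_snapd() {
    local up
    up="$(upstream_version "$1")"
    case "$up" in
        ''|*[!0-9.]*) echo "UNKNOWN"; return 2 ;;   # e.g. "unavailable" or empty
    esac
    if version_ge "$up" "$FIXED"; then
        echo "OK"
    else
        echo "REVIEW"   # older upstream number: confirm the distro's patched build
        return 1
    fi
}

# Constructed sample output, used only when the snap command is not installed.
SAMPLE='snap    2.34.2+18.04
snapd   2.34.2+18.04
series  16'

if command -v snap >/dev/null 2>&1; then
    out="$(snap version 2>/dev/null || true)"
else
    out="$SAMPLE"
fi
ver="$(printf '%s\n' "$out" | parse_snapd_version)"
echo "snapd ${ver:-not found}: $(classify_snapd "$ver")"
```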