CVE-2019-7304 - Incorrect Authorization vulnerability in Canonical Snapd
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:46360 |
last seen | 2019-02-12 |
modified | 2019-02-12 |
published | 2019-02-12 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46360 |
title | Ubuntu snapd < 2.37.1 - Local Privilege Escalation |

id | EDB-ID:46362 |
last seen | 2019-02-13 |
modified | 2019-02-13 |
published | 2019-02-13 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46362 |
title | snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2) |

id | EDB-ID:46361 |
last seen | 2019-02-13 |
modified | 2019-02-13 |
published | 2019-02-13 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46361 |
title | snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1) |
Nessus
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-3887-1.NASL |
description | Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 122152 |
published | 2019-02-13 |
reporter | Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/122152 |
title | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : snapd vulnerability (USN-3887-1) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/151640/snapd-dirtysockv2.py.txt |
id | PACKETSTORM:151640 |
last seen | 2019-02-14 |
published | 2019-02-13 |
reporter | Chris Moberly |
source | https://packetstormsecurity.com/files/151640/snapd-2.37-Ubuntu-dirty_sock-Local-Privilege-Escalation.html |
title | snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation |

data source | https://packetstormsecurity.com/files/download/151639/snapd-dirtysockv1.py.txt |
id | PACKETSTORM:151639 |
last seen | 2019-02-14 |
published | 2019-02-13 |
reporter | Chris Moberly |
source | https://packetstormsecurity.com/files/151639/snapd-2.37-Ubuntu-dirty_sock-Local-Privilege-Escalation.html |
title | snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation |
The Hacker News
id | THN:0AFF942FE27757416BFE1544C73F5CA5 |
last seen | 2019-02-13 |
modified | 2019-02-13 |
published | 2019-02-13 |
reporter | The Hacker News |
source | https://thehackernews.com/2019/02/snapd-linux-privilege-escalation.html |
title | Snapd Flaw Lets Attackers Gain Root Access On Linux Systems |