A flaw affecting Snapd, which is installed by default in Ubuntu and used by other Linux distributions such as OpenSUSE, Debian, Fedora, Arch Linux and Solus, may allow a local attacker to obtain administrator privileges, namely root access and total control of the system.
Snapd provides services such as updating and managing apps on Linux distributions.
“This service is installed automatically in Ubuntu and runs under the context of the ‘root’ user. Snapd is evolving into a vital component of the Ubuntu OS, particularly in the leaner spins like ‘Snappy Ubuntu Core’ for cloud and IoT,” noted Chris Moberly, the security researcher who discovered the flaw.
The Snap ecosystem includes a snap store where developers can publish and maintain ready-to-use packages. Unfortunately, there have already been successful attempts to introduce malicious code into some of those packages.
About The Flaw
Moberly discovered the flaw, tracked as CVE-2019-7304, and privately disclosed it to Canonical, the developer of Ubuntu, back in late January. The vulnerability affects versions 2.28 through 2.37 of Snapd. It is a local privilege escalation flaw, meaning that attackers must first gain remote access to the target machine and only then can use it to escalate their privileges.
“Snapd serves up a REST API attached to a local UNIX_AF socket. Access control to restricted API functions is accomplished by querying the UID associated with any connections made to that socket. User-controlled socket peer data can be affected to overwrite a UID variable during string parsing in a for-loop. This allows any user to access any API function. With access to the API, there are multiple methods to obtain root,” Moberly explained in a blog post.
Moberly also publicly released two proof-of-concept exploits for it, which allow the vulnerability to be used on systems with an SSH service and an Internet connection, and on those without, by way of malicious side-loaded snaps.
The vulnerability was patched in version 2.37.1 of Snapd, and Ubuntu and the other Linux distributions mentioned above have already shipped a patched version of the package. Users are urged to upgrade their installations without delay.
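To check a host or an inventory list against the version range given above, the following shell sketch classifies a Snapd version string. It is an added example, not code from Moberly or Canonical; it assumes `snap version` prints a `snapd` row and compares upstream version numbers only.

```shell
#!/bin/sh
# Added example, not from the article: classify snapd versions against the
# range the article gives (2.28 through 2.37 affected, 2.37.1 fixed).
FIRST_AFFECTED=2.28
FIRST_FIXED=2.37.1

# classify_snapd VERSION -> prints affected | patched | before-affected-range | unknown
classify_snapd() {
    printf '%s\n' "$1" | awk -v lo="$FIRST_AFFECTED" -v fix="$FIRST_FIXED" '
        # Numeric key from major.minor.patch; any packaging suffix such as
        # "+18.04" or "~14.04" is dropped, a missing patch level counts as 0.
        function key(v,   p) {
            sub(/[^0-9.].*$/, "", v)
            split(v, p, ".")
            return p[1] * 1000000 + p[2] * 1000 + p[3]
        }
        # Anything that does not start with major.minor is not a version.
        $0 !~ /^[0-9]+\.[0-9]+/ { print "unknown"; exit }
        {
            k = key($0)
            if (k < key(lo))       print "before-affected-range"
            else if (k < key(fix)) print "affected"
            else                   print "patched"
        }'
}

# installed_snapd_version -> version of the running daemon as reported by
# `snap version` (empty if snap is not installed).
installed_snapd_version() {
    command -v snap >/dev/null 2>&1 || return 0
    snap version 2>/dev/null | awk '$1 == "snapd" { print $2 }'
}

# Constructed sample versions, for illustration only.
for v in 2.27.6 2.28 2.34.2 2.37 2.37.1 2.38 unavailable; do
    printf '%-12s %s\n' "$v" "$(classify_snapd "$v")"
done

# Local host, if snapd is present.
v=$(installed_snapd_version)
if [ -n "$v" ]; then
    printf 'installed %s: %s\n' "$v" "$(classify_snapd "$v")"
fi
```

Distribution packages can carry the fix under an older version number, so an "affected" result for a packaged build should be confirmed against the distribution's security advisory.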