Oh dear, we knew this would happen. Snapd root exploit.
Welcome, Guest.
He could not keep viruses out of Windows! Do you want Bill Gates' MANDATORY Covid-19 Vaccine? Sign this petition!
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -Benjamin Franklin

Author Topic: Oh dear, we knew this would happen. Snapd root exploit.  (Read 1592 times)

Offline Will

  • Spatry's Tardis Operator
  • Contributor
  • *******
  • Posts: 498
  • Chronic Distro Hopper
Oh dear, we knew this would happen. Snapd root exploit.
« on: February 15, 2019, 05:57:26 AM »
Article from The Register

Quote
Canonical has issued an update for Ubuntu to address a security vulnerability that can be exploited by malware and rogue users to gain root access.
As this bug affects desktop and server editions of the Linux distro, this is an irritating flaw for folks using shared systems, such as labs or offices of workstations.
Chris Moberly gets credit for the discovery and reporting of the flaw in question, CVE-2019-7304, which is an elevation-of-privilege vulnerability present in Ubuntu versions prior to 19.04. To reiterate, the flaw is not remotely exploitable, so a miscreant would need to already have a foothold on victim's machine.
"Current versions [before 19.04] of Ubuntu Linux are vulnerable to local privilege escalation due to a bug in the snapd API. This local service installs by default on both 'Server' and 'Desktop' versions of Ubuntu and is likely included in many Ubuntu-like Linux distributions," Moberly said in his report.

"Any local low privilege user can exploit this vulnerability to obtain immediate root access to the server."
The vulnerability is found in Snapd, Canonical's open-source toolkit for packaging and running applications via systemd. Exploiting the flaw would allow an attacker to elevate their access from unprivileged process to that of the root user, essentially allowing a complete takeover of the system.

Moberly found that, by abusing the way Snapd's API handles HTTP data requests, the tool could be tricked into believing the user has a uid of 0, aka the root user. This would let an attacker use functions reserved for the superuser, and eventually take over the box. Rather than being a memory corruption bug – the code in question is written in Go, after all – this is a cockup in handling submitted text.


We knew this would happen. But it seems to have been fixed fairly quickly thank goodness.
Ryzen 7 2700x, 32GB(3600MHz), 500GB 850 EVO, Sapphire Nitro+ RX 580 + EVGA Geforce GTX 1080 | Gentoo

Offline Spatry

  • Benevolent Dictator
  • Administrator - Sysop
  • **********
  • Posts: 5637
  • Cup of Linux Founder
    • Cup of Linux
Re: Oh dear, we knew this would happen. Snapd root exploit.
« Reply #1 on: February 15, 2019, 07:10:09 AM »
At least a patch is made as soon as a vulnerability is found... Got to love the Linux community for that!
Windows assumes the user is an idiot... Linux DEMANDS Proof!

Offline Ironclaw

  • Terminal Multiplexer
  • Staff Member
  • ********
  • Posts: 383
Re: Oh dear, we knew this would happen. Snapd root exploit.
« Reply #2 on: February 15, 2019, 12:21:11 PM »
At least as far as the description indicates it's a local exploit that would require physical access.   It's not a good thing but it could be a lot worse.
If you must persist, I will be forced to tar you, then gzip you and finally umount you.

Offline Crimson

  • Contributor
  • *******
  • Posts: 577
  • Defeating a sandwich only makes it tastier.
    • «FC» FunHouse Clan
Re: Oh dear, we knew this would happen. Snapd root exploit.
« Reply #3 on: February 15, 2019, 08:09:26 PM »
I love Linux. It's amazing how well the reaction time is on these sorts of things. I just now read this and it's already fixed. Simply outstanding. Now THESE are the developers and teams that deserve the money that MS makes, not some company that takes months to patch their own screw ups.

Man I wish more people were at least open to the idea of switching to Linux, but alas, it's a blessing and a curse I suppose.
Custom Linux PC Intel® Core™ i7-4790K Radeon™ RX 5700 XT 16GB DDR3 256GB M.2 NVMe 5.5TB Storage

Offline fchaos

  • Contributor
  • *******
  • Posts: 976
Re: Oh dear, we knew this would happen. Snapd root exploit.
« Reply #4 on: February 15, 2019, 09:52:16 PM »
I saw a report on this three days ago on G+... and it was stated that it was mostly already patched THEN

Offline Dirty Helga

  • Malevolent Dictator
  • Administrator - Sysop
  • **********
  • Posts: 231
  • Do you feel LUCKY today?
Re: Oh dear, we knew this would happen. Snapd root exploit.
« Reply #5 on: February 16, 2019, 11:38:52 AM »
Invigorating isn't it? 90% of the time, the patch comes out before the news article! Another thing Linux Does What Win Don't! ROFL!
If you BREAK the RULES, I WILL SHOOT YOU!

Offline Spatry

  • Benevolent Dictator
  • Administrator - Sysop
  • **********
  • Posts: 5637
  • Cup of Linux Founder
    • Cup of Linux
Re: Oh dear, we knew this would happen. Snapd root exploit.
« Reply #6 on: February 16, 2019, 11:39:53 AM »
You took the words right out of my mouth, Helga... LITERALLY!
Windows assumes the user is an idiot... Linux DEMANDS Proof!

Offline fchaos

  • Contributor
  • *******
  • Posts: 976
Re: Oh dear, we knew this would happen. Snapd root exploit.
« Reply #7 on: February 16, 2019, 08:59:19 PM »
for once I can agree with Helga and not feel the least bit pressured to do so