Dirty Sock Bug gives Root Access to Attacker on Linux
Critical Dirty Sock vulnerability gives root-level access to hackers on Linux systems
Security researcher Chris Moberly of Shenanigans Labs discovered this privilege escalation bug, tracked as CVE-2019-7304, which lets attackers create root-level accounts on the system.
The key point about this flaw is that the bug isn't in the Ubuntu operating system itself but in the Snapd daemon, which is included by default with all recent Ubuntu versions and also with some other Linux distros.
Snapd is the daemon that manages "snaps," a new app packaging format developed and used by Canonical for Ubuntu apps since 2014. Snapd lets users download and install apps in the .snap file format.
Snapd exposes a local REST API server that snap packages (and the official Ubuntu Snap Store) interact with during the installation of new apps (snaps). To exploit this vulnerability, Moberly found a way to bypass the access control restrictions imposed on this API server and gain access to all API functions, including the ones restricted to the root user.
Moberly has also published a PoC exploit for Dirty Sock, including all the technical details of the bug.
Moberly found that Snapd versions 2.28 through 2.37 are all vulnerable to the Dirty Sock exploit, and he reported the issue to Canonical, the team behind Ubuntu. The bug has been fixed, and a patched version, Snapd 2.37.1, has been released.
Ubuntu users can apply the fix for Dirty Sock by updating the OS, as Canonical has released the update for its operating system, for which the Snapd package was initially developed and where it's included and enabled by default.
Other Linux distros affected by Dirty Sock are Debian, Arch Linux, OpenSUSE, Solus, and Fedora.
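
A check for the version range given above, as an added example that is not part of the original article or of Moberly's PoC: it parses `snap version` output and classifies the snapd version against 2.28 through 2.37 (fixed in 2.37.1). The function names and the sample output are constructed for illustration, and it compares upstream numbers only, so a distribution package that backports the fix under an older number still has to be checked against that distro's advisory.

```shell
#!/bin/sh
# Added example: classify a snapd version against the range stated in the
# article (2.28 through 2.37 vulnerable, fixed in 2.37.1).

# Keep only the leading dotted number: "2.34.2+18.04.1" -> "2.34.2".
upstream_version() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9.]*\).*/\1/p' | sed 's/\.$//'
}

# ver_lt A B: succeed when dotted version A < B (missing fields count as 0).
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# classify VERSION -> below-range | vulnerable | patched | unknown
classify() {
    v=$(upstream_version "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    if ver_lt "$v" 2.28; then echo below-range
    elif ver_lt "$v" 2.37.1; then echo vulnerable
    else echo patched
    fi
}

# Pull the snapd field out of `snap version` output read on stdin.
snapd_from_output() {
    awk '$1 == "snapd" { print $2; exit }'
}

# Constructed sample of `snap version` output, not captured from a real host.
SAMPLE='snap    2.36.3
snapd   2.36.3
series  16
ubuntu  18.04'

check_sample() {
    classify "$(printf '%s\n' "$SAMPLE" | snapd_from_output)"
}

echo "sample host: $(check_sample)"
```

On a real host, replace the sample with `classify "$(snap version | snapd_from_output)"`.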