Dirty Sock Snapd Local Privilege Escalation Vulnerability

A local privilege escalation in snapd versions 2.28 through 2.37 lets an unprivileged local user create root-level accounts. Don't get caught with a Dirty Sock!

Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.

Source: Ubuntu Security Notice USN-3887-1

The vulnerability, which Moberly named Dirty Sock, cannot be exploited remotely: an attacker first needs a foothold on an unpatched system. From there, however, it turns a limited local compromise into full control of the operating system.

In technical terms, Dirty Sock is a local privilege escalation flaw: because snapd's access check trusts credentials it parses out of the remote socket address, an unprivileged local user can reach the privileged socket API and use it to create a root-level account.
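The following is an added example, not code from the page or from snapd. It models the bug class the advisory describes: a daemon flattens kernel-supplied peer credentials and the client-chosen remote socket path into one string, then parses that string to decide who is calling. The field names, separator and layout here are illustrative assumptions, as is the hardened parser; they are not snapd's actual code or its upstream fix.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// peerCreds is what the daemon believes about the client on the other end
// of its UNIX socket. UID 0 unlocks the privileged API.
type peerCreds struct {
	PID    int
	UID    int
	Socket string // daemon-side listening socket
	Remote string // client-side address, chosen by the client
}

// buildRemoteAddr models the flawed design (illustrative format): trusted
// credentials and the client-controlled remote path share one ';'-separated
// string.
func buildRemoteAddr(pid, uid int, localSock, remoteSock string) string {
	return fmt.Sprintf("pid=%d;uid=%d;socket=%s;%s", pid, uid, localSock, remoteSock)
}

// parseCredsVulnerable scans every ';'-separated token for credential keys.
// The client-controlled tail is scanned too, and a later "uid=" token
// overwrites an earlier one, so a client that binds its socket to a path
// such as "/tmp/sock;uid=0;" is treated as root.
func parseCredsVulnerable(remoteAddr string) peerCreds {
	c := peerCreds{PID: -1, UID: -1}
	for _, tok := range strings.Split(remoteAddr, ";") {
		switch {
		case strings.HasPrefix(tok, "pid="):
			if v, err := strconv.Atoi(strings.TrimPrefix(tok, "pid=")); err == nil {
				c.PID = v
			}
		case strings.HasPrefix(tok, "uid="):
			if v, err := strconv.Atoi(strings.TrimPrefix(tok, "uid=")); err == nil {
				c.UID = v
			}
		case strings.HasPrefix(tok, "socket="):
			c.Socket = strings.TrimPrefix(tok, "socket=")
		}
	}
	return c
}

// parseField requires an exact "key=" prefix on a single positional token.
func parseField(tok, key string) (int, error) {
	if !strings.HasPrefix(tok, key) {
		return 0, fmt.Errorf("expected %q field, got %q", key, tok)
	}
	return strconv.Atoi(strings.TrimPrefix(tok, key))
}

// parseCredsHardened reads the trusted fields positionally and never scans
// the client-controlled remainder: SplitN with a limit keeps everything after
// the third ';' as one opaque string, so injected "uid=0" tokens stay inert.
func parseCredsHardened(remoteAddr string) (peerCreds, error) {
	parts := strings.SplitN(remoteAddr, ";", 4)
	if len(parts) != 4 {
		return peerCreds{}, fmt.Errorf("malformed remote address %q", remoteAddr)
	}
	pid, err := parseField(parts[0], "pid=")
	if err != nil {
		return peerCreds{}, err
	}
	uid, err := parseField(parts[1], "uid=")
	if err != nil {
		return peerCreds{}, err
	}
	if !strings.HasPrefix(parts[2], "socket=") {
		return peerCreds{}, fmt.Errorf("expected socket field, got %q", parts[2])
	}
	return peerCreds{
		PID:    pid,
		UID:    uid,
		Socket: strings.TrimPrefix(parts[2], "socket="),
		Remote: parts[3],
	}, nil
}

// isRoot is the access-control decision made before exposing privileged endpoints.
func isRoot(c peerCreds) bool { return c.UID == 0 }

func main() {
	// Constructed input: an unprivileged client (uid 1000) whose chosen socket
	// path smuggles a second uid field.
	addr := buildRemoteAddr(4242, 1000, "/run/snapd.socket", "/tmp/sock;uid=0;")
	fmt.Printf("vulnerable parser grants root: %v\n", isRoot(parseCredsVulnerable(addr)))
	if c, err := parseCredsHardened(addr); err == nil {
		fmt.Printf("hardened parser grants root:   %v (uid=%d, remote=%q)\n", isRoot(c), c.UID, c.Remote)
	}
}
```

The positional parser closes the injection, but the sounder design is to never round-trip trusted values through a string the peer can influence at all: keep the kernel-reported PID and UID (SO_PEERCRED on Linux) in a struct and treat the client's socket path as opaque data that plays no part in authorization.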

Other Linux distributions that ship snapd, including Debian, Arch Linux, openSUSE, Solus, and Fedora, have also published security updates.

Moberly's in-depth technical write-up on the Dirty Sock flaw is available here, and the proof of concept is here.

Patch them if you got them, folks! On a snap-enabled system, running "snap version" reports the installed snapd version; anything from 2.28 through 2.37 needs the update.