-
Linux Privilege Escalation via snapd using dirty_sock exploit and demonstration of CVE-2019-7304
In January 2019, researchers discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. This was due to a bug in the snapd API, a default service. Any local user could exploit this vulnerability to obtain immediate root access to the system (Linux Privilege Escalation via snapd, n.d.). In our course work, we are going to exploit one of the affected Ubuntu 16.04 using dirty_sock exploit via snapd which created by security researcher. Moreover, snapd serves up a REST API attached to a local AF_UNIX socket. Access control to restricted API functions is accomplished by querying the UID associated with any connections made to that socket. User-controlled socket peer data can be affected to overwrite a UID variable during string parsing in a for-loop. This allows any user to access any API function.