Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system.
Dubbed “Dirty_Sock” and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the maker of Ubuntu, late last month.
The vulnerability resides in the REST API for snapd service, a universal Linux packaging system that makes an application compatible for various Linux distributions without requiring any modification.
Built by Canonical, snapd comes by default installed on all versions of Ubuntu and also used by other Linux distributions, including Debian, OpenSUSE, Arch Linux, Solus, and Fedora.
Snap packages are basically applications compressed together with their dependencies that also includes instructions on how to run and interact with other software on various Linux systems for desktop, cloud, and Internet of Things.
images from Hacker News