Local privilege escalation via snapd socket
CVE-2019-7304

8.8HIGH

Key Information:

Vendor
Canonical
Status
Snapd
Vendor
CVE Published:
23 April 2019

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 83%

Summary

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

Affected Version(s)

snapd < 2.37.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

dirty_sock
Created by initstring

CVE-2019-7304_DirtySock
Created by SecuritySi

snap_priv_esc
Created by elvi7major

References

https://usn.ubuntu.com/3887-1/
x_refsource_MISC
https://www.exploit-db.com/exploits/46361
x_refsource_MISC
https://www.exploit-db.com/exploits/46362
x_refsource_MISC

EPSS Score

83% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chris Moberly
.