snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation

Posted by deepcore on February 14, 2019 – 3:10 pm

This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these value. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation runc Host Command Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL