Following its recent disclosure of Pwnkit, the Qualys Research Team today announced that it has discovered several vulnerabilities in the snap-confine function of Ubuntu operating systems, the most important of which can be exploited to gain root privileges.
Even if the vulnerability is not as widespread as Pwnkit, it is still significant, since Ubuntu has over 40 million users. In addition, two years have already passed since the discovery of the last Snap vulnerability. Why?
In 2019, “Dirty Sock” was disclosed, and security experts acted quickly to fix the vulnerability, check the affected code for further gaps, and implement defensive measures and best practices. Nevertheless, the Qualys research team was able to overcome all security precautions, turn off all functions and gain root privileges.
The “Oh Snap!” breakdown of the vulnerability:
- Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel.
- The packages, called snaps, and the tool for their use, snapd, work in a number of Linux distributions and allow upstream software developers to distribute their applications directly to users.
- Snaps are self-contained applications that run in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to create the execution environment for Snap applications.
- As soon as the Qualys research team confirmed the vulnerability, the company committed to responsible disclosure and coordinated the announcement with both the vendors and the open source distributions.
- If this vulnerability is successfully exploited, any unprivileged user can gain root privileges on the vulnerable host.
- Qualys security researchers were able to independently verify the vulnerability, develop an exploit and gain full root privileges on standard installations of Ubuntu.
- Given the large attack surface for this vulnerability and the popularity of this operating system, Qualys recommends that users install the patches for it immediately. Current customers can search for CVE-2021-44731 in the vulnerability knowledge base to identify all QIDs and affected assets.
- In the age of Log4Shell, SolarWinds, MSFT Exchange (and more), it is crucial that security vulnerabilities are reported responsibly and patched and mitigated immediately.
- This disclosure shows once again that security is not a one-off: this code has been checked several times, and Snap has very defensive technologies.