Snapd Flaw Lets Attackers Gain Root Access On Linux Systems

Security researcher Chris Moberly discovered a flaw called "Dirty_Sock" (CVE-2019-7304) that exploits a sever privilege escalation vulnerability and allows an attacker to gain root access on Linux systems.  The REST API for Snapd service is where the vulnerability resides with versions 2.28 through 2.37 being susceptible because of an incorrectly validated and parsed remote socket.  The vulnerability has been addressed in version 2.37.1, and it is highly recommended that Ubuntu users update immediately.

Relevant URL(s):