Researchers uncover privilege escalation flaw in Ubuntu snap-confine function.
Security researchers have recently found “multiple vulnerabilities” on Ubuntu systems, some of which would allow a threat actor to gain root privileges on the target endpoint.
In a blog post, Bharat Jogi, Director of Vulnerability and Threat Research at Qualys, said the team found the flaws in the snap-confine function on Linux operating systems. Approximately 40 million users are at risk.
Jogi describes Snap as a “software packaging and deployment system” that was built by Canonical for operating systems on the Linux kernel. These packages, or “snaps”, as well as the tool that uses them, “snapd”, work on a wide range of Linux distributions, allowing developers to ship applications directly to users.
Gaining root access
Snaps, Jogi further explains, are “self-contained applications running in a sandbox with mediated access to the host system. Snap-confine in s a program used internally by snapd to construct the execution environment for snap applications”.
By abusing the flaw, tracked as CVE-2021-44731, the attacker can elevate the privileges of a basic account all the way to root access. Researchers from Qualys claim to have independently verified the vulnerability, developed an exploit, and obtained full root privileges on default installations of Ubuntu.
The team did not explain if the exploit comes in the form of malware, or if it took a different approach.
As usual, by the time the news hits the press, a patch had already been issued, so Ubuntu users are advised to patch up to the latest version, immediately. Qualys’ customers can search the vulnerability knowledgebase for CVE-2021-44731 to identify all the QIDs and vulnerable assets, the company said.
“In a Log4Shell, SolarWinds, MSFT Exchange (and on and on) era, it is vital that vulnerabilities are responsibly reported and are patched and mitigated immediately”, the research team warns“. This disclosure continues to showcase that security is not a one and done – this code had been reviewed several times and Snap has very defensive technologies”.
