Thanks for the clarification, Chris. We're in complete agreement.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1813365
Title:
Local privilege escalation via snapd socket
To manage notifications ab
^ Sorry, just to add clarity:
I am not demonstrating the exploit working from within a devmode snap. I
am demonstrating a devmode snap packaged inside the exploit.
--
Hi Gustavo,
Yes, but remember that this is a low-privilege user exploiting the bug
in order to install a snap in devmode to get root.
This does indeed require an exploit, so that the install hook can
execute the commands as root and add a new user. It's simply an
alternative exploit to using the
Chris, I've just read your blog post at:
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
There you install a snap in devmode, which does a bunch of things to
demonstrate that the snap can access system resources via the
vulnerability in <2.37. Just for the record, it's slightly undue to
cla
Thanks again to everyone for your hard work, timely updates, and overall
providing such a great disclosure experience.
See you next time!
- Chris
--
This is now public:
- https://usn.ubuntu.com/3887-1/
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
** Information type changed from Private Security to Public Security