Fresh off our recent disclosure (Pwnkit), the Qualys Research Team announced that it has discovered multiple vulnerabilities in the snap-configure function on Ubuntu operating systems, the most important of which can be exploited to escalate privilege to gain root privileges.  
 
While not as ubiquitous as Pwnkit, this disclosure is still significant with Ubuntu boasting over 40 million desktop users. Moreover, it has been a full two years since the discovery of the most recent Snap vulnerability. Why?...  
 
In 2019, “Dirty Sock” was disclosed and security professionals moved quickly to mitigate the vulnerability, review the specific line of code for additional holes and implement every defensive programme and defensive best practice. Yet, the Qualys research team was still able to move through all safeguards, defeat all capabilities and gain root privilege access.  
 
The "Oh Snap!" Vulnerability Disclosure Breakdown: 

• Technical Details: 

  • Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel.  

  • The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users.  

  • Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a programme used internally by snapd to construct the execution environment for snap applications.  

  • As soon as the Qualys Research Team confirmed the vulnerability, an engagement in responsible vulnerability disclosure was undertaken and coordinated with both vendor and open-source distributions in announcing this newly discovered vulnerability.

• Impact:  

  • Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.  

  • Qualys security researchers have been able to independently verify the vulnerability, develop an exploit and obtain full root privileges on default installations of Ubuntu.  

• Mitigation: 

  • Given the breadth of the attack surface for this vulnerability and the popularity of this operating system, Qualys recommends that users apply patches for this vulnerability immediately. Current customers can search the vulnerability knowledge base for CVE-2021- 44731 to identify all the QIDs and assets vulnerable for this vulnerability. 

  • In a Log4Shell, SolarWinds, MSFT Exchange (and on and on) era, it is vital that vulnerabilities are responsibly reported and are patched and mitigated immediately. 

  • This disclosure continues to showcase that security is not a one and done – this code had been reviewed several times and Snap has very defensive technologies.  

Here is the blog post for additional information.