Posts related to dirty socks

Dirty Sock Snapd Local Privilege Escalation Vulnerability

A local privilege escalation in snapd versions 2.28 through 2.37 that could allow the creation of root level accounts – may give you a Dirty Sock ! Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges.

read more