Category Archives: Ubuntu

Open Source Project Aims To Make Ubuntu Usable on Arm-Powered Windows Laptops

A group of programmers and device hackers are working to bring proper support for Ubuntu to Arm-powered Windows laptops, starting with first-generation Snapdragon 835 systems, like the HP Envy x2 and Asus NovaGo. From a report: The aarch64-laptops project provides prebuilt images for the aforementioned notebook PCs, as well as the Lenovo Miix 630. Although Ubuntu and other Linux distributions support aarch64 (ARMv8) by default, various obstacles including the design and configuration of Qualcomm Snapdragon processors make these default images not practically usable. The aarch64-laptops project developers are aiming to address these difficulties, though work is still ongoing. Presently, the TouchPad does not work properly on the Asus, with all three lacking proper support for on-board storage and Wi-Fi, which rely on UFS support. According to their documentation, this is being worked on upstream.

Read more of this story at Slashdot.

Ubuntu snapd flaw allows getting root access to the system.

Expert discovered a privilege escalation vulnerability in default installations of Ubuntu Linux that resides in the snapd API.

Security researcher Chris Moberly discovered a vulnerability in the REST API for Canonical’s snapd daemon that could allow attackers to gain root access on Linux machines.

Canonical, the makers of Ubuntu Linux, promotes their “Snap” packages to roll all application dependencies into a single binary (similar to Windows applications).

The Snap environment includes an “app store” where developers can contribute and maintain ready-to-go packages.

“Management of locally installed snaps and communication with this online store are partially handled by a systemd service called snapd.”

The flaw called ‘Dirty_Sock’ would affect affects several Linux servers, the expert successfully tested on Ubuntu and released PoCs to show how to elevate privileges.

“In January 2019, I discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. This was due to a bug in the snapd API, a default service. Any local user could exploit this vulnerability to obtain immediate root access to the system.” wrote the expert.

“Two working exploits are provided in the dirty_sock repository:

  1. dirty_sockv1: Uses the ‘create-user’ API to create a local user based on details queried from the Ubuntu SSO.
  2. dirty_sockv2: Sideloads a snap that contains an install-hook that generates a new local user.”

“Both are effective on default installations of Ubuntu.”

Canonical has already addressed the flaw, administrators need to install the snapd update to avoid the exploitation.

“Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket.” reads the security advisory published by Canonical.

“A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.”

Moberly discovered that the daemon leverages UNIX sockets to allow developers to communicate with it using a REST API.

This UNIX socket runs under the security context of the root user, so the expert investigated the possibility to elevate his privileges by abusing API methods.

The researcher discovered that it is possible to create a local user account using the daemon’s “POST /v2/create-user” API. This API command requires the program to have root permission to create a user.

The analysis of snapd connections allowed the expert to discover that if a user has root permissions, it uses a string composed of the calling pid, uid of the program connected to the socket, the socket path, and the remoteAdd (i.e. “pid=5127;uid=1000;socket=/run/snapd.socket;@”).

Where the @ substring represents the RemoteAddr of the socket, or the socket name that is used to connect to the snapd socket.

Moberly created a socket containing ;uid=0; in its name in a way to trick the parser to overwrite the uid when the string is analyzed.

snapd socket-via-remote-socket

Parsing a string containing the uid=0 is the last part will allow overwriting the previous uid and trick snapd into emulating a root user and allow a local user to be created.

The expert published the “dirty_sockv1” PoC code for this attack, but he pointed out that the attack required an Internet connection and the creation of an account on the Ubuntu SSO and uploading an SSH public key to your profile.

The expert also devised a Dirty_Sock version 2 that sees sideloads a malicious snap using the ‘POST /v2/snaps’ API instead.

dirty_sockv2 instead uses the ‘POST /v2/snaps’ API to sideload a snap containing a bash script that will add a local user. This works on systems that do not have the SSH service running. It also works on newer Ubuntu versions with no Internet connection at all.” continues the expert.

“HOWEVER, sideloading does require some core snap pieces to be there. If they are not there, this exploit may trigger an update of the snapd service.”

The Dirty_Sock version 2 requires no Internet connection or the use of SSH key.

Canonical fixed the issue with the release of the 2.37.1. version that implements a stricter parser that removes user-controlled variable.

Pierluigi Paganini

(SecurityAffairs – Snapd, Ubuntu)

The post Ubuntu snapd flaw allows getting root access to the system. appeared first on Security Affairs.

Snapd Flaw Lets Attackers Gain Root Access On Linux Systems

Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "Dirty_Sock" and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the

Snapd flaw gives attackers root access on Linux systems

A vulnerability affecting Snapd – a package installed by default in Ubuntu and used by other Linux distributions such as Debian, OpenSUSE, Arch Linux, Fedora and Solus – may allow a local attacker to obtain administrator privileges, i.e., root access and total control of the system. About Snapd Snapd is a service used to deliver, update and manage apps (in the form of snap packages) on Linux distributions. “This service is installed automatically in Ubuntu … More

The post Snapd flaw gives attackers root access on Linux systems appeared first on Help Net Security.

RunC container escape flaw enables root access to host system

A serious vulnerability in runC, a widely used CLI tool for spawning and running containers, could be exploited to compromise the runC host binary from inside a privileged runC container, allowing the attacker to gain root access on the underlying host system. RunC is the container runtime underneath infrastructure and engines such as Docker, CRI-O, containerd, Kubernetes, etc. About the vulnerability (CVE-2019-5736) CVE-2019-5736 was reported by researchers Adam Iwaniuk and Borys Popławski to runC maintainers, … More

The post RunC container escape flaw enables root access to host system appeared first on Help Net Security.

Canonical Updates Ubuntu 18.04 While Patching Numerous Other Security Flaws

Canonical has released updates for Ubuntu 18.04. The updates include patches for numerous security vulnerabilities in the Linux Kernel. Ubuntu

Canonical Updates Ubuntu 18.04 While Patching Numerous Other Security Flaws on Latest Hacking News.

System76 Unveils ‘Darter Pro’ Linux Laptop With Choice of Ubuntu or Pop!_OS

An anonymous reader writes: Today, System76 unveiled its latest laptop -- the 15.6-inch (full-HD) "Darter Pro." It is thin, but not overly so -- it still has USB-A ports (thankfully). The computer is quite modern, however, as it also has a USB-C/Thunderbolt 3 port. It supports Pop!_OS 18.04 LTS (64-bit), Pop!_OS 18.10 (64-bit), or Ubuntu 18.04 LTS (64-bit) operating system. It comes in two variants, with the following processor options: 8th Gen Intel Core i5-8265U: 1.6 up to 3.90 GHz -- 6MB Cache -- 4 Cores -- 8 Threads, or 8th Gen Intel Core i7-8565U: 1.8 up to 4.60 GHz -- 8MB Cache -- 4 Cores -- 8 Threads, with either coupled with Intel UHD Graphics 620 GPU, and up to 32GB Dual Channel DDR4 @ 2400 MHz, and M.2 SATA or PCIe NVMe SSD for storage. As for ports, there is USB 3.1 Type-C with Thunderbolt 3, 2 USB 3.0 Type-A, 1 x USB 2.0, SD Card Reader. The company says it will announce the pricing at a later stage,

Read more of this story at Slashdot.

Ubuntu Core 18 Released for IoT devices

Canonical today announced the release of Ubuntu Core 18 "for secure, reliable IoT devices." The Canonical blog notes that "Immutable, digitally signed snaps ensure that devices built with Ubuntu Core are resistant to corruption or tampering. Any component can be verified at any time." In addition, "The attack surface of Ubuntu Core has been minimized, with very few packages installed in the base OS, reducing the size and frequency of security updates and providing more storage for applications and data." Ubuntu Core also "enables a new class of app-centric things, which can inherit apps from the broader Ubuntu and Snapcraft ecosystems or build unique and exclusive applications that are specific to a brand or model." You can download it from here.

Read more of this story at Slashdot.