A few weeks ago in January, security researcher Chris Moberly discovered a privilege escalation bug in the snapd daemon, which is installed by default on various versions of Ubuntu Linux. If properly exploited, the bug could give an attacker root access on the system.
This vulnerability is CVE-2019-7304 and is rated as a high-priority vulnerability by Canonical. It directly affects the following four Ubuntu releases and their derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
What is Snapd?
Snappy is a Linux package management tool originally developed by Canonical for the Ubuntu Linux operating system. Snap differs from more conventional package management tools like YUM or APT, which require specifically configured packages for each distro. Snap packages are designed to be distro-agnostic: they work across various distros using a single, self-contained binary installer or package.
These packages, or snaps as they are commonly called, are managed by the snapd system service which is automatically installed by default on Ubuntu Linux.
While snapd was developed specifically for Ubuntu, it was ported in 2016 to a variety of other Linux distributions. As such, it’s important that you check and validate whether or not your systems are at risk.
What Linux distros are impacted?
In addition to the four Ubuntu variants listed above, the following major distros may be at risk: Fedora, openSUSE, Linux Mint, CentOS, Debian, Arch Linux, and Gentoo.
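One way to check a dpkg-based host by hand, as an added example that is not from the original post or from Canonical. The function names and the `--local` switch are hypothetical, and the versions in `FIXED_BUILDS` are constructed placeholders to be replaced with the fixed builds from your distro's security notice.

```bash
#!/usr/bin/env bash
# Added example. FIXED_BUILDS holds CONSTRUCTED sample versions, one per
# release named in this post; they are NOT the real fixed builds. Replace
# them with the versions in your distro's notice for CVE-2019-7304.
FIXED_BUILDS="18.10=9.9.5+18.10.1
18.04=9.9.2+18.04.1
16.04=9.9.2ubuntu0.1
14.04=9.9.2~14.04.1"

# version_lt A B: succeeds when package version A sorts strictly before B.
# Prefers dpkg's own comparison; falls back to GNU sort -V.
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# snapd_status RELEASE INSTALLED: prints vulnerable, patched or unknown.
# Compare the distro package version, not the upstream number alone:
# security updates are often backported under a distro-specific suffix.
snapd_status() {
    local release="$1" installed="$2" fixed="" rel ver
    while IFS='=' read -r rel ver; do
        if [ "$rel" = "$release" ]; then fixed="$ver"; fi
    done <<EOF
$FIXED_BUILDS
EOF
    if [ -z "$fixed" ] || [ -z "$installed" ]; then
        echo unknown
    elif version_lt "$installed" "$fixed"; then
        echo vulnerable
    else
        echo patched
    fi
}

# check_local_host: report the status of this dpkg-based machine.
check_local_host() {
    local release installed
    release=$(. /etc/os-release 2>/dev/null && echo "$VERSION_ID")
    installed=$(dpkg-query -W -f='${Version}' snapd 2>/dev/null || true)
    if [ -z "$installed" ]; then echo "snapd: not installed"; return 0; fi
    echo "snapd $installed on $release: $(snapd_status "$release" "$installed")"
}

if [ "${1:-}" = "--local" ]; then check_local_host; fi
```

A release that is missing from the table reports `unknown` rather than `patched`, so hosts outside the four listed Ubuntu releases still surface for manual review.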
How do I patch my Linux systems with Automox?
You can easily use the Automox platform to find out if you are at risk and to instantly patch the vulnerability on your impacted systems to quickly mitigate the security risk. To do so, follow this brief process:
Log in to the console and click on the ‘Software’ icon found in the left navigation pane. In the search box on the ‘Software’ page, type ‘snapd’ and press Enter. You’ll see in the example below that there are 7 endpoints that have potentially been impacted:
Looking closer, you’ll see that the ‘State’ for each of these endpoints is set to ‘Patch on schedule’, which means they will be patched automatically whenever the package is available. To patch the systems immediately, you can use the Actions dropdown to select ‘Patch Now’. With Automox, it’s always this simple to address a critical vulnerability.
Automox can help ensure your systems are adequately patched in a timely manner to protect your organization against vulnerabilities such as the snapd bug discussed here. As a best practice, you should always ensure that you have at least one patch policy assigned to all of your devices for Critical, Medium, and Low severity patches. These updates are generally Security and Cumulative software updates. Automox is designed to automate your response to zero-day vulnerabilities like this and others across the Windows, Mac, and Linux operating systems.
Current Automox customers can create policies that automatically handle the patching and execution of important updates for you every single month. Alternatively, you may contact our support team for any technical assistance at firstname.lastname@example.org.