Wednesday, March 13, 2019

New Linux Flaw Can Give Hackers Full Access


Users of Linux should be watchful for the security flaw that is called Dirty Sock, which has been classified as CVE-2019-7304. It was Chris Moberly, a security researcher, who discovered this crucial security flaw. He immediately reported the details of his discovery to Ubuntu makers last month. The problem lies in the Snapd service’s REST API. If you are not sure what this is, you should call an IT consultant.
It is a universal Linux packaging unit that is responsible for creating applications that work well with Linux across different distributions, and with no changes to the executable needed. However, it also means that Ubunti is not the only build that is affected by the newly discovered flaw. Virtually all flavors of Linux is at great risk.
Moberly’s comment on the flaw:
"Snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket.  A local attacker could use this to access privileged socket APIs and obtain administrator privileges."
If there is any silver lining to the discovery made by Moberly, it is that the nature of the problem hinders the hacker from taking advantage of it remotely. They would need physical access to the unit or perhaps trick or force the user to do something that will initiate a program that will escalate privileges that will grant the hackers access. Even so, this flaw should not be ignored especially since it can be used to obtain complete access as well as control to a target unit. It is best to seek the help of an IT consultant Myrtle Beach for your home or business now.
Fortunately, the makers of Ubuntu, Canonical, moved quickly and have rolled out an update that deals with the flaw, with other leading Linux distributions following their lead as well. So, if it is been quite some time since you have updated last, now is the best time to do so. Always remember that it is better to be safe than sorry.

Call SpartanTec, Inc. if you are looking for a reliable and reputable IT consultant to help make sure that your computers are safe and secure.

SpartanTec, Inc.
Myrtle Beach, SC  29577
843-418-4792
https://www.spartantec.com/