Go to computer terminal for registration
JD Cloud Security Team has detected disclosed local privilege escalation vulnerability (vulnerability No.: CVE-2019-7304) in Package Management software (Snap component) of Ubuntu recently. Attackers use the vulnerability to escalate their local normal user privilege to Root privilege. (JD Cloud Image is free from the affection of the vulnerability).
JD Cloud Security Team suggests you to timely carry out self-inspection. If you are in the affected scope, please timely update and fix to avoid intrusion by external attackers.
This vulnerability enables normal users to camouflage themselves as the root user to send requests to REST API provided by snapd. Attackers use elaborately constructed installation script or Ubuntu SSO to make normal uses without sudo privilege to get privilege of executing sudo, so as to get the capability of escalating root user privilege and achieve the effect of local privilege escalation.
Snap from Version 2.28 to 2.37.
Snap is installed in part of Ubuntu versions. Now the following versions are known as being affected:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
By running "snap version" or "snap --version" commands, check whether the current version is 2.37.1 or above that will not be affected.
At present, the details of the vulnerability have been disclosed and the official has fixed it in Version 2.37.1. Ubuntu users can upgrade snap to new version for fixing by apt update && apt-get install snap.
 Official Announcementhttps://usn.ubuntu.com/3887-1/
 Vulnerability Details:https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
JD Cloud Security Team
JD Cloud team2019-02-19 10:16:50