Rewterz Threat Advisory – CVE-2019-7092 Unspecified Cross Site Scripting Vulnerability
February 13, 2019
Rewterz Threat Alert – Hidden Cobra’s Skype-Job Campaign Targeting Inter-Bank Networks
February 14, 2019
Severity: High
Analysis Summary
The vulnerability resides in the REST API of the snapd service. snapd is a universal Linux packaging system that makes an application compatible with various Linux distributions without requiring any modification. When performing access controls on its UNIX socket, snapd incorrectly validates and parses the remote socket address. A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
Impact
Privilege escalation
System access
Affected Products
snapd 2.28 through 2.37
Remediation
The vendor has released updates for the affected products. Update to a patched version.
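
One way to check a host against the affected range listed above, as an added example that is not part of the advisory or of any vendor tooling. The function names are this example's own, and it assumes a `sort` that supports `-V` (GNU coreutils) and that `snap version` prints a `snapd <version>` line.

```shell
#!/bin/sh
# Added example, not from the advisory: compare a snapd version with the
# affected range the advisory lists (2.28 through 2.37).
# Assumes sort(1) supports -V; all function names are this example's own.

# Reduce "2.34.2+18.04" or "2.35.5ubuntu1" to its dotted numeric core.
snapd_core_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p' |
        sed 's/\(\.0\)*$//'
}

# True if $1 <= $2 in version order.
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Exit status: 0 = inside 2.28..2.37, 1 = outside, 2 = version not parseable.
snapd_in_affected_range() {
    core=$(snapd_core_version "$1")
    [ -n "$core" ] || return 2
    version_le 2.28 "$core" && version_le "$core" 2.37
}

# Print a one-line verdict for a version string.
snapd_verdict() {
    rc=0
    snapd_in_affected_range "$1" || rc=$?
    case $rc in
        0) echo "AFFECTED: snapd $1 is within 2.28 through 2.37" ;;
        1) echo "OK: snapd $1 is outside 2.28 through 2.37" ;;
        *) echo "UNKNOWN: cannot parse snapd version '$1'" ;;
    esac
}

# On a host with snap installed, check the running daemon's version.
if command -v snap >/dev/null 2>&1; then
    snapd_verdict "$(snap version 2>/dev/null | awk '$1 == "snapd" {print $2}')"
fi
```

Distribution packages can carry a backported fix under a version number that still falls in this range, so treat an AFFECTED result as a prompt to check the distributor's security notice for that package.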