cve/2019/CVE-2019-7304.md

### [CVE-2019-7304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7304)
![](https://img.shields.io/static/v1?label=Product&message=snapd&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%202.37.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20confusion%20when%20performing%20access%20control%20check&color=brighgreen)

### Description

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

### POC

#### Reference
- https://www.exploit-db.com/exploits/46361
- https://www.exploit-db.com/exploits/46362

#### Github
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xT11/CVE-POC
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Al1ex/LinuxEelvation
- https://github.com/BGrewell/SockPuppet
- https://github.com/Dhayalanb/Snapd-V2
- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits
- https://github.com/Ly0nt4r/OSCP
- https://github.com/SecuritySi/CVE-2019-7304_DirtySock
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Snoopy-Sec/Localroot-ALL-CVE
- https://github.com/VieVaWaldi/DirtySock
- https://github.com/WalterEhren/DirtySock
- https://github.com/WalterEren/DirtySock
- https://github.com/anoaghost/Localroot_Compile
- https://github.com/bgrewell/SockPuppet
- https://github.com/blkdevcon/awesome-starz
- https://github.com/chorankates/OpenAdmin
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/e-hakson/OSCP
- https://github.com/eljosep/OSCP-Guide
- https://github.com/elvi7major/snap_priv_esc
- https://github.com/f4T1H21/HackTheBox-Writeups
- https://github.com/f4T1H21/dirty_sock
- https://github.com/fei9747/LinuxEelvation
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/initstring/dirty_sock
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/lacework/up-and-running-packer
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oscpname/OSCP_cheat
- https://github.com/rakjong/LinuxElevation
- https://github.com/revanmalang/OSCP
- https://github.com/scottford-lw/up-and-running-packer
- https://github.com/siddicky/yotjf
- https://github.com/txuswashere/OSCP
- https://github.com/xhref/OSCP
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-7304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7304)`
			`![](https://img.shields.io/static/v1?label=Product&message=snapd&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%202.37.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20confusion%20when%20performing%20access%20control%20check&color=brighgreen)`

			`### Description`

			`Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.`

			`### POC`

			`#### Reference`
			`- https://www.exploit-db.com/exploits/46361`
			`- https://www.exploit-db.com/exploits/46362`

			`#### Github`
			`- https://github.com/0xStrygwyr/OSCP-Guide`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/0xZipp0/OSCP`
			`- https://github.com/0xsyr0/OSCP`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Al1ex/LinuxEelvation`
			`- https://github.com/BGrewell/SockPuppet`
			`- https://github.com/Dhayalanb/Snapd-V2`
			`- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits`
			`- https://github.com/Ly0nt4r/OSCP`
			`- https://github.com/SecuritySi/CVE-2019-7304_DirtySock`
			`- https://github.com/SirElmard/ethical_hacking`
			`- https://github.com/Snoopy-Sec/Localroot-ALL-CVE`
			`- https://github.com/VieVaWaldi/DirtySock`
			`- https://github.com/WalterEhren/DirtySock`
			`- https://github.com/WalterEren/DirtySock`
			`- https://github.com/anoaghost/Localroot_Compile`
			`- https://github.com/bgrewell/SockPuppet`
			`- https://github.com/blkdevcon/awesome-starz`
			`- https://github.com/chorankates/OpenAdmin`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/e-hakson/OSCP`
			`- https://github.com/eljosep/OSCP-Guide`
			`- https://github.com/elvi7major/snap_priv_esc`
			`- https://github.com/f4T1H21/HackTheBox-Writeups`
			`- https://github.com/f4T1H21/dirty_sock`
			`- https://github.com/fei9747/LinuxEelvation`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/initstring/dirty_sock`
			`- https://github.com/kgwanjala/oscp-cheatsheet`
			`- https://github.com/lacework/up-and-running-packer`
			`- https://github.com/nitishbadole/oscp-note-3`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/oscpname/OSCP_cheat`
			`- https://github.com/rakjong/LinuxElevation`
			`- https://github.com/revanmalang/OSCP`
			`- https://github.com/scottford-lw/up-and-running-packer`
			`- https://github.com/siddicky/yotjf`
			`- https://github.com/txuswashere/OSCP`
			`- https://github.com/xhref/OSCP`