FILE-OTHER Snapd dirty_sock exploit download attempt
This event is generated when an attempt to download an exploit for the Snapd API is detected.
snapd 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
- Snapd versions 2.28 through 2.37
Ease of attack
Upgrade to the latest available version of Snapd.
- Cisco Talos Intelligence Group