Jump to content

Ubuntu 'command-not-found' tool can be abused to spread malware

abarbarian

By abarbarian
in Security & Networking

 Share

Recommended Posts

abarbarian

abarbarian

Posted
Posted

Ubuntu 'command-not-found' tool can be abused to spread malware

 

This article concerns the use of SNAP's which I do not use. I stumbled across this and it comes from a very reputable source and the threat is easy to exploit. So I thought folks needed to be warned about it.

 

Quote

The loophole was discovered by Aqua Nautilus researchers who have found that approximately 26% of Advanced Package Tool (APT) package commands are at risk of impersonation by malicious snap packages, presenting a significant supply chain risk for Linux and Windows Subsystem for Linux (WSL) users.

Quote

For example, any Ubuntu forks or Linux distributions that use the 'command-not-found' utility by default, along with the Snap package system, are also vulnerable.

 

I have been known to snap a penguin though. 🤣

 

penguin-individual-163735-1.jpg

  • Like 1
Link to comment
Share on other sites
securitybreach

securitybreach

Posted
Posted

That's what happens when you decide to incorporate user submitted packages into your main repos. I do not know why they call it a loophole as its very easy. I am familiar with the 'command not found' tool as I have it on my arch prompt. The problem is that on ubuntu, it gives you all kinds of sources to choose from. Well snap are not very secure packages and aren't on a ranking system like AUR so it would be very simple to add malware or have the source point to a different malicious mirror. Plus you do not actually see what a snap package is doing as there is no PKGBUILD file or anything like when using an AUR package. Using non-verified applications is a huge security issue on Ubuntu.

Link to comment
Share on other sites
abarbarian

abarbarian

Posted
  • Author
Posted
23 hours ago, securitybreach said:

That's what happens when you decide to incorporate user submitted packages into your main repos. I do not know why they call it a loophole as its very easy. I am familiar with the 'command not found' tool as I have it on my arch prompt. The problem is that on ubuntu, it gives you all kinds of sources to choose from. Well snap are not very secure packages and aren't on a ranking system like AUR so it would be very simple to add malware or have the source point to a different malicious mirror. Plus you do not actually see what a snap package is doing as there is no PKGBUILD file or anything like when using an AUR package. Using non-verified applications is a huge security issue on Ubuntu.

 

Agree totally. I have never ever used a SNAP for the reasons above. 😎

  • Like 1
Link to comment
Share on other sites
abarbarian

abarbarian

Posted
  • Author
Posted
10 hours ago, crp said:

is this 'command not found' the one that says " we didn't find that , we think this might be what you meant " ?

 

How to fix a "Command not found" error in Linux

 

Quote

When you're trying to run a command (with or without sudo) and get an error message that reads "Command not found," this means the script or file you're trying to execute doesn't exist in the location specified by your PATH variable. What is this variable, and how can you run commands that it can't find?

Quote

Stick to the path

In this tutorial, you learned five ways to fix a "Command not found" error in your terminal—three of which rely on the PATH variable. Now that you know what variables are and how command executables are found, you won't be so mystified when the "Command not found" error appears on your screen.

 

😛

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...