Microsoft disclosed Tuesday a pair of privilege escalation flaws in Linux that could allow attackers to execute a variety of criminal activities.
Collectively called “Nimbuspwn,” the flaws “can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution,” Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a report.
On top of that, the defects — tracked as CVE-2022-29799 and CVE-2022-29800 — could also be weaponized as a vector for root access to deploy more sophisticated threats such as ransomware.
The vulnerabilities are rooted in a systemd component called networkd-dispatcher, a daemon program for the network manager system service that’s designed to dispatch network status changes.
Specifically, they relate to a combination of directory traversal (CVE-2022-29799), symbolic link (aka symlink) race, and time-of-check to time-of-use (CVE-2022-29800) flaws, leading to a scenario where an adversary in control of a rogue D-Bus service can plant and execute malicious backdoors on the compromised endpoints.
Users of networked-dispatcher should update to the most recent version in order to avoid potential exploiting flaws.
” The increasing number of Linux-based vulnerabilities emphasizes the importance of strong monitoring of its operating system and components,” Bar Or stated.
” This constant stream of attacks across a variety of devices and platforms highlights the importance of a proactive and comprehensive vulnerability management strategy that can identify and mitigate any previously undiscovered exploits or issues. “
