A New Linux Vulnerability Could Provide Root Access to Systems

By

Microsoft discovered a pair of vulnerabilities in Linux that can be chained together to provide root access to would-be attackers.

Dubbed “Nimbuspwn,” the vulnerabilities (CVE-2022-29799 and CVE-2022-29800) are located in the networkd-dispatcher daemon that checks for systemd-networkd connection status changes.

According to Microsoft’s principal security researcher, Jonathan Bar Or, “Reviewing the code flow for networkd-dispatcher revealed multiple security concerns, including directory traversal, symlink race, and time-of-check-time-of-use race condition issues, which could be leveraged to elevate privileges and deploy malware or carry out other malicious activities.”

Nimbuspwn allows for attackers to deploy payloads (such as a root backdoor) and can be exploited as a vector for root access by attackers using ransomware to reach an even greater impact on vulnerable devices.

The one caveat to Nimbuspwn is that attackers would need local access to targeted systems in order to gain any leverage via the vulnerabilities.

Both vulnerabilities have been patched by the network-dispatcher maintainer, Clayton Craft. All Linux admins are encouraged to immediately update all of their systems to apply the patch.

Mike Parkin, senior technical engineer at Vulcan Cyber said of Nimbuspwn, “Any vulnerability that potentially gives an attacker root-level access is problematic. Fortunately, as is common with many open-source projects, patches for this new vulnerability were quickly released.”

04/28/2022
comments powered by Disqus