Microsoft finds flaws in Linux that could give root access to hackers

Microsoft has revealed that it has discovered a set of vulnerabilities that could allow bad actors to gain root privileges on Linux systems. Collectively called Nimbuspwn, the vulnerabilities could potentially be leveraged by attackers as a vector for root access by more sophisticated threats, including malware and ransomware, the software giant said. The security flaws exist in a system component that is widely available on Linux distributions. Fixes for the reported vulnerabilities are being deployed by the component’s maintainer.

In a detailed blog post, Microsoft said that the vulnerabilities discovered by the Microsoft 365 Defender research team could be chained together to gain root privileges on Linux systems, allowing attackers to carry out ransomware attacks or other malicious actions through arbitrary code execution.

The vulnerabilities, tracked as CVE-2022-29799 and CVE-2022-29800, were found in a component called networkd-dispatcher, which helps provide network status updates. It runs as root when a system starts, dispatching network state changes and running scripts to respond to the new network state.

However, it turned out that the system component includes a “_run_hooks_for_state” method that allows hackers to break out of the “/etc/networkd-dispatcher” base directory. According to Microsoft researchers, this method essentially exposes Linux systems to a directory traversal vulnerability, identified as CVE-2022-29799, because it does not sanitize the OperationalState or AdministrativeState values.

The same method also has a time-of-check-time-of-use (TOCTOU) race condition flaw, tracked as CVE-2022-29800. This particular flaw allows attackers to replace scripts that networkd-dispatcher believes to be owned by root with ones that contain malicious code, the researchers said.
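The two bug classes described above, shown from the defender's side as an added illustration; this is not networkd-dispatcher's code or its actual fix. The function names, the state-name pattern and the root-ownership policy are assumptions made for the example.

```python
import os
import re
import stat

BASE_DIR = "/etc/networkd-dispatcher"      # base directory named in the article
STATE_RE = re.compile(r"^[a-z][a-z-]*$")   # assumption: states look like "routable"


def hook_dir_unsafe(base, state):
    # Pattern the article describes: the state value goes into the path unsanitized.
    return os.path.normpath(os.path.join(base, state + ".d"))


def hook_dir_safe(base, state):
    # Reject anything that is not a plain state name, then confirm the resolved
    # path (symlinks included) still sits under the base directory.
    if not STATE_RE.fullmatch(state):
        raise ValueError(f"rejected state value: {state!r}")
    real_base = os.path.realpath(base)
    path = os.path.realpath(os.path.join(real_base, state + ".d"))
    if os.path.commonpath([real_base, path]) != real_base:
        raise ValueError(f"path escapes base directory: {path}")
    return path


def open_trusted_script(path, owner_uid=0):
    # TOCTOU hardening: open first (refusing a symlink at the final path
    # component), then check ownership on the open descriptor, so the file
    # that was checked is the same file that is later executed.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    st = os.fstat(fd)
    ok = (stat.S_ISREG(st.st_mode) and st.st_uid == owner_uid
          and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    if not ok:
        os.close(fd)
        raise PermissionError(f"untrusted script: {path}")
    return fd  # caller runs the script through this descriptor, not the path


if __name__ == "__main__":
    # Constructed input: a state value containing traversal sequences.
    print(hook_dir_unsafe(BASE_DIR, "../../tmp/x"))
```

Checking ownership by path and then executing by path leaves a window in which the file can be swapped; holding the descriptor closes that window.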

An attacker can use multiple malicious scripts one after the other to exploit the vulnerability.

Researchers at Microsoft shared a proof-of-concept in which they highlighted that, in three attempts, they were able to win the race condition and successfully plant their files.

As Ars Technica notes, a hacker with minimal access to a vulnerable system can exploit the reported vulnerabilities to gain full root access.

Microsoft Principal Security Researcher Jonathan Bar Or told Gadgets 360 that the flaws have been fixed in the latest version of networkd-dispatcher. Users will be able to find the new version in a system update on their Linux machines. Otherwise, they can deploy the patch by manually installing the latest networkd-dispatcher build.

Users can determine whether the vulnerabilities exist on their systems using the details shared by Microsoft researchers. If the machines are vulnerable, it is highly recommended to look for fixes.

