Microsoft has discovered two privilege escalation vulnerabilities in the Linux operating system that could allow attackers to perform various malicious activities. They are CVE-2022-29799 and CVE-2022-29800, collectively referred to as “Nimbuspwn”.
The Microsoft 365 Defender security team released a report stating that these vulnerabilities “can be exploited in combination to gain root privileges on Linux systems, allowing attackers to deploy payloads such as root backdoors and perform other malicious operations through arbitrary root code execution.”
These vulnerabilities are located in a system component called “networkd-dispatcher”, which is a daemon program for the network management system service designed to issue notifications of network status changes. Specifically, they are related to a directory traversal (CVE-2022-29799), a race condition with symbolic links (i.e., system links), and TOCTOU (CVE-2022-29800), which could allow an attacker controlling a malicious D-Bus service to implant and execute a backdoor on the compromised endpoint.
It is strongly recommended that users of networkd-dispatcher update their instances to the latest version to mitigate the potential exploitation of these vulnerabilities. Bar Or stated, “The growing number of vulnerabilities in Linux environments underscores the necessity of robust monitoring of operating systems and their components. The spread of attacks across a vast number of platforms, devices, and other domains indicates the need for a comprehensive proactive vulnerability management approach to further identify and mitigate even previously unknown exploits and issues.”
Original link
https://thehackernews.com/2022/04/microsoft-discovers-new-privilege.html
Image credit: Pixabay License
“Reprinted from Qihoo 360 Code Guard
Long press to add attention, to safeguard you!