Microsoft security experts have discovered two vulnerabilities in Linux that give an attacker root access to the system. Dubbed Nimbuspwn by the company, the flaws are considered serious. Both can be exploited for ransomware attacks or data theft, for example.
Officially, the vulnerabilities are identified as CVE-2022-29799 and CVE-2022-29800. They manifest in networkd-dispatcher, a component present in most Linux distributions that reports changes in network status and can execute scripts in response to them.
The first issue is a directory traversal vulnerability: the attacker can gain access to files or directories that exist outside the root directory the component is supposed to be confined to. This basically means that a hacker can leave the networkd-dispatcher directory (usually /etc/networkd-dispatcher) to exploit other parts of the system.
In turn, the second problem is of the TOCTOU type, short for Time Of Check To Time Of Use. Flaws of this type exploit the time gap between checking the state of a component and actually using it.
In networkd-dispatcher, the TOCTOU flaw lies in the interval between the scripts being checked and being executed. A hacker can exploit this window to replace legitimate scripts with malicious ones.
To ensure that the malicious payload is executed, the attacker needs to inject several scripts into the system. But this is only a complicating factor, not a deterrent: in Microsoft's experiment, it took the researchers just three tries for a malicious script to run.
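The two flaw classes described above (escaping the script directory, and a check that is separated in time from the use) share one defensive pattern: confine the path to its base directory, then validate the file through the descriptor that will actually be read rather than through the path name. The following is an added example written for this article; it is not networkd-dispatcher's own code nor Microsoft's, and the script directory, script names and contents are constructed for illustration.

```python
import os
import stat
import tempfile


def resolve_script(base_dir, name):
    """Return the canonical path of `name` inside `base_dir`, or None if it
    would escape that directory (directory traversal check)."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath (not startswith) avoids prefix tricks such as /etc/foo vs /etc/foobar
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def open_trusted_script(path, expected_uid):
    """Open `path` and validate the opened descriptor, not the path.

    fstat on the fd inspects the inode that was actually opened, so swapping
    the file on disk after this point changes nothing about what was checked:
    the fd keeps referring to the validated inode. O_NOFOLLOW is defence in
    depth for the last path component being replaced by a symlink between
    realpath() and open()."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{path}: group/world writable")
    except Exception:
        os.close(fd)
        raise
    return fd


def load_script(base_dir, name, expected_uid=None):
    """Confine, open, validate on the fd, then read from that same fd."""
    if expected_uid is None:
        expected_uid = os.getuid()
    path = resolve_script(base_dir, name)
    if path is None:
        raise ValueError(f"{name!r} escapes {base_dir}")
    fd = open_trusted_script(path, expected_uid)
    with os.fdopen(fd, "r") as f:  # fdopen takes ownership of fd and closes it
        return f.read()


def check_script(base_dir, name, expected_uid=None):
    """Audit helper: (True, contents) if accepted, (False, reason) otherwise."""
    try:
        return True, load_script(base_dir, name, expected_uid)
    except (ValueError, OSError) as exc:
        return False, str(exc)


def make_demo_dir():
    """Constructed sample directory (an assumption for this example, not a real
    dispatcher directory): one acceptable script, one world-writable script,
    and one symlink pointing outside the directory."""
    d = tempfile.mkdtemp(prefix="dispatcher-demo-")
    good = os.path.join(d, "10-good.sh")
    with open(good, "w") as f:
        f.write("#!/bin/sh\necho good\n")
    os.chmod(good, 0o700)
    bad = os.path.join(d, "20-world-writable.sh")
    with open(bad, "w") as f:
        f.write("#!/bin/sh\necho bad\n")
    os.chmod(bad, 0o777)
    os.symlink("/etc/hostname", os.path.join(d, "30-link.sh"))
    return d


if __name__ == "__main__":
    demo = make_demo_dir()
    for entry in sorted(os.listdir(demo)) + ["../../etc/passwd"]:
        accepted, detail = check_script(demo, entry)
        print(f"{entry}: {'accepted' if accepted else 'rejected: ' + detail}")
```

The remaining step a real dispatcher would take is to execute the validated content; doing that from the same descriptor (for example with `os.fexecve`) rather than by path name keeps the check and the use tied to one inode.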
Exploiting both issues gives access to the system with administrator (root) privileges. The consequences can be disastrous, since the range of malicious actions possible with these privileges is wide.
Hackers can use the Nimbuspwn vulnerabilities to install backdoors, deploy ransomware, steal sensitive data, disable system protections, and so on.
Nimbuspwn flaws are now fixed
The Nimbuspwn vulnerabilities are of concern, as has become clear. But there is good news: when he heard about them, Clayton Craft, maintainer of networkd-dispatcher, went to work on the fixes. Not coincidentally, Microsoft thanked the developer “for his professionalism and collaboration in resolving these issues.”
As the fixes are already available, distributions can be expected to include them in their next update cycles. Installing them as soon as possible is recommended, of course, especially on Linux server installations.
In the course of the text, you may have wondered: why did Microsoft research security issues in Linux? The explanation lies in the fact that the discovery came from the Microsoft 365 Defender division, which operates in the corporate segment. Customers of this division work with multiple platforms, which is why the company does not limit its range of action to the Windows ecosystem.