Microsoft Discovers Linux Vulnerabilities That Could Allow Attackers to Gain Root Access
Microsoft 365 Defender Research team has discovered the vulnerabilities that are tracked as CVE-2022-29799 and CVE-2022-29800.
Advertisement
Highlights
- Microsoft researchers detailed the flaws in a blog post
- Linux distributions with networkd-dispatcher are at risk
- The developer of the system component fixed the issues
Hackers may use multiple scripts to exploit the vulnerabilities on a Linux system
Photo Credit: Reuters
Microsoft has revealed that it discovered a list of vulnerabilities that could allow bad actors to gain root system rights on Linux systems. Collectively called Nimbuspwn, the vulnerabilities could potentially be leveraged by attackers as a vector for root access by more sophisticated threats including malware and ransomware, the software giant said. The security flaws exist in a system component that is widely available on Linux distributions. Fixes for the reported vulnerabilities have been deployed by the maintainer of the component.
In a detailed blog post, Microsoft said that the vulnerabilities discovered by the Microsoft 365 Defender Research team could be grouped together to gain root privileges on Linux systems and allow attackers to execute ransomware attacks or malicious actions using arbitrary code.
The vulnerabilities, tracked as CVE-2022-29799 and CVE-2022-29800, were found in the component called networkd-dispatcher, which helps provide network status updates. It runs as root when a system starts to dispatch network status changes and run scripts to respond to a new network status.
However, it was discovered that the system component included a method "_run_hooks_for_state" that allows hackers to gain access to the “/etc/networkd-dispatcher” base directory. The method essentially exposes the Linux system to the directory traversal vulnerability, which is identified as CVE-2022-29799, by not sanitising the OperationalState or the AdministrativeState, according to the Microsoft researchers.
Advertisement
The same method is also found to have the Time-of-check-time-of-use (TOCTOU) race condition flaw, which is tracked as CVE-2022-29800. This particular flaw allows attackers to replace scripts that networkd-dispatcher believes to be owned by root with the ones that contain malicious code, the researchers said.
An attacker may use multiple malicious scripts one after another to exploit the vulnerability.
Advertisement
Microsoft researchers shared a proof-of-concept where they highlighted that in three attempts, they were able to win the race condition flaw and successfully plant their files.
As ArsTechnica notes, a hacker with minimal access to a vulnerable system can exploit the reported vulnerabilities to gain full root access.
Advertisement
Microsoft Principal Security Researcher Jonathan Bar Or told Gadgets 360 that the flaws have been fixed in the latest version of network-dispatcher. Users will be able to find the new version in a systemd update on their Linux machines. Otherwise, they can deploy the patches by manually install the latest network-dispatcher build.
Users can determine the existence of the vulnerabilities on their systems by using the details shared by Microsoft researchers. If the machines are vulnerable, it is highly recommended to look for the fixes.
Asus India's Arnold Su joins this week's Orbital, the Gadgets 360 podcast, to talk about how the PC maker is planning to grow its presence in the country. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Advertisement