CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability
Microsoft reported on April 26, in its blog post “Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn”, that it had discovered a new set of privilege elevation vulnerabilities in Linux, collectively named “Nimbuspwn”. These vulnerabilities are tracked as CVE-2022-29799 and CVE-2022-29800. Attackers can exploit them to elevate privileges on Linux systems and carry out various cyber attacks.
Nimbuspwn is a collective term for multiple vulnerabilities that can be used to elevate privileges to root on Linux. Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a report:
“Nimbuspwn can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution.”
Microsoft analyzed the messages on the System Bus and found a problem with the systemd unit called networkd-dispatcher. Networkd-dispatcher is a dispatcher daemon for systemd-networkd connection status changes. This daemon is similar to NetworkManager-dispatcher but is much more limited in the types of events it supports due to the limited nature of systemd-networkd.
The problems found include directory traversal, symlink race, and time-of-check-time-of-use (TOCTOU) race condition issues, which could be leveraged to elevate privileges and deploy malware or carry out other malicious activities. These vulnerabilities have been identified as CVE-2022-29799 and CVE-2022-29800 and have already been reported to the maintainers of networkd-dispatcher.
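The three bug classes named above share a defensive pattern in any privileged daemon that runs hook scripts: validate path components, refuse symlinks, and vet the opened descriptor rather than the path. The Python below is an added example, not code from networkd-dispatcher or from Microsoft's report; the `<state>.d` directory layout, the names `open_trusted_hook` and `demo`, and the sample tree are assumptions for illustration, and `base_dir` is assumed to be a path unprivileged users cannot replace.

```python
import os
import re
import stat
import tempfile

STATE_RE = re.compile(r"[a-z][a-z0-9-]*")  # assumed allow-list for state names

def open_trusted_hook(base_dir, state, name, trusted_uid=0):
    """Open base_dir/<state>.d/<name> and vet the opened file, not the path."""
    # Directory traversal: reject any component that could leave base_dir.
    if not STATE_RE.fullmatch(state) or "/" in name or name in ("", ".", ".."):
        raise ValueError("rejected path component")
    # Symlink race: O_NOFOLLOW refuses a symlink as the final component.
    dir_fd = os.open(os.path.join(base_dir, state + ".d"),
                     os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                     dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    # TOCTOU: fstat() describes the file we hold open; a later swap of the
    # directory entry cannot change what this descriptor refers to.
    st = os.fstat(fd)
    if (not stat.S_ISREG(st.st_mode) or st.st_uid != trusted_uid
            or st.st_mode & 0o022):
        os.close(fd)
        raise PermissionError("hook is not a private file of the trusted user")
    return fd  # caller must read or run via this fd, never re-resolve the path

def demo():
    """Constructed sample tree: a good hook, a symlinked hook, a traversal."""
    out = {}
    with tempfile.TemporaryDirectory() as base:
        d = os.path.join(base, "routable.d")  # constructed state name
        os.mkdir(d)
        good = os.path.join(d, "10-ok")
        with open(good, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(good, 0o755)
        os.symlink(good, os.path.join(d, "20-link"))
        cases = [("good", "routable", "10-ok"),
                 ("symlink", "routable", "20-link"),
                 ("traversal", "../routable", "10-ok")]
        for label, state, name in cases:
            try:
                os.close(open_trusted_hook(base, state, name, os.getuid()))
                out[label] = "accepted"
            except (ValueError, OSError) as exc:
                out[label] = type(exc).__name__
    return out
```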
Bar Or said:
“The growing number of vulnerabilities on Linux environments emphasize the need for strong monitoring of the platform’s operating system and its components. This constant bombardment of attacks spanning a wide range of platforms, devices, and other domains emphasizes the need for a comprehensive and proactive vulnerability management approach that can further identify and mitigate even previously unknown exploits and issues.”
Microsoft recommends that users update networkd-dispatcher to the latest version. More generally, keeping the software in use upgraded to its latest version reduces the risk from known security vulnerabilities.