Microsoft has revealed that it has discovered a set of vulnerabilities that could allow malicious actors to obtain root privileges on Linux systems. Collectively referred to as Nimbuspwn, the vulnerabilities could potentially be used as a vector for root access by more sophisticated threats including malware and ransomware, the software giant said. The security flaws exist in a system component widely available on Linux distributions. Fixes for the reported vulnerabilities have been deployed by the component's maintainer.
In a detailed blog post, Microsoft said the vulnerabilities discovered by the Microsoft 365 Defender Research team could be chained to gain root privileges on Linux systems and allow attackers to carry out ransomware attacks or other malicious actions using arbitrary code.
The vulnerabilities, tracked as CVE-2022-29799 and CVE-2022-29800, were found in a component called networkd-dispatcher, which helps provide network status updates. It runs as root when a system starts, dispatching network state changes and running scripts to respond to a new network state.
However, the system component was discovered to include a “_run_hooks_for_state” method that allows hackers to access the “/etc/networkd-dispatcher” home directory. According to Microsoft researchers, the method essentially exposes the Linux system to a directory traversal vulnerability, identified as CVE-2022-29799, by not sanitizing OperationalState or AdministrativeState.
The same method also exhibits a time-of-check-time-of-use (TOCTOU) race condition flaw, which is tracked as CVE-2022-29800. This particular flaw allows attackers to replace scripts that networkd-dispatcher thinks belong to root with ones that contain malicious code, the researchers said.
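The two checks whose absence is described above can be sketched as follows. This is an added example, not networkd-dispatcher's code or the maintainer's patch. The function names, the allowed state pattern and the `<state>.d` directory layout are assumptions made for illustration.

```python
import os
import re
import stat

BASE_DIR = "/etc/networkd-dispatcher"   # base directory named in the article
# Assumption: legitimate states are short lowercase words such as "routable".
STATE_RE = re.compile(r"[a-z][a-z-]*")

def hook_dir_for_state(state, base_dir=BASE_DIR):
    """Build <base_dir>/<state>.d, refusing any state that could leave base_dir."""
    if not STATE_RE.fullmatch(state):
        raise ValueError("unexpected state value: %r" % (state,))
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, state + ".d"))
    # Second line of defence: a symlinked state directory must not
    # resolve to a location outside the base directory.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("hook directory escapes %s" % base)
    return path

def open_trusted_script(path, trusted_uid=0):
    """Open the script first, then check ownership on the open descriptor.

    Because the checks use fstat() on the descriptor, the file that was
    checked is the file the caller goes on to run, even if the path is
    swapped afterwards. The caller must run the script from the returned
    descriptor, not from the path.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # a symlink is an error
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != trusted_uid:
            raise PermissionError("not owned by uid %d" % trusted_uid)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("writable by group or others")
    except Exception:
        os.close(fd)
        raise
    return fd
```
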
An attacker can use several malicious scripts one after another to exploit the vulnerability.
Microsoft researchers shared a proof of concept in which they highlighted that in three attempts, they were able to fix the race condition issue and successfully crash their files.
As Ars Technica notes, a hacker with minimal access to a vulnerable system can exploit the reported vulnerabilities to gain full root access.
Jonathan Bar Or, senior security researcher at Microsoft, told Gadgets 360 that the flaws have been fixed in the latest version of networkd-dispatcher. Users will be able to find the new version in a systemd update on their Linux machines. Otherwise, they can deploy the patches by manually installing the latest version of networkd-dispatcher.
Users can determine the existence of vulnerabilities on their systems using the details shared by Microsoft researchers. If the machines are vulnerable, it is strongly recommended to search for patches.