Multiple “Nimbuspwn” Vulnerabilities Allowed Linux Privilege Escalation

The tech giant Microsoft has recently shared details about multiple vulnerabilities affecting Linux systems. Identified as “Nimbuspwn,” exploiting the vulnerabilities could allow an attacker to gain elevated privileges on the target Linux machines.

Nimbuspwn Linux Vulnerabilities Caught Microsoft’s Attention

As elaborated in a detailed blog post, the “Nimbuspwn” vulnerabilities existed in the networkd-dispatcher Linux component.

Specifically, “networkd-dispatcher” is a “dispatcher daemon for systemd-networkd connection status changes.”

Briefly, the researchers found two different vulnerabilities in the unit when, while “listening to messages on the System Bus” during their code analysis, they noticed an “odd pattern” in the said component. Exploiting the bugs could allow an attacker to gain elevated privileges. In the worst exploitation scenario, an attacker could even gain root access to the target systems and execute malicious codes.

The vulnerabilities include CVE-2022-29799 – a directory traversal vulnerability, and CVE-2022-29800 – Time-of-check-time-of-use (TOCTOU) race condition.

Describing the directory traversal flaw, Microsoft stated,

none of the functions in the flow sanitize the OperationalState or the AdministrativeState. Since the states are used to build the script path, it is possible that a state would contain directory traversal patterns (e.g. “../../”) to escape from the “/etc/networkd-dispatcher” base directory.

Whereas the second vulnerability, race condition, existed because

there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root to ones that are not.

In addition, the researchers also caught a “Symlink race” issue that could contribute to the exploit in a chained manner. Microsoft has shared the technical details of the flaws and the exploit in their post.

Patch Deployed

Microsoft confirmed that the maintainer of the vulnerable unit “networkd-dispatcher”, Clayton Craft, has patched the flaws.

Hence, now, all Linux users should update their systems to receive the patches at the earliest to avoid potential risks.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients