Microsoft discovers new privilege escalation flaws in the Linux operating system

Microsoft disclosed on Tuesday a set of two privilege escalation vulnerabilities in the Linux operating system that could allow threat actors to carry out a series of nefarious activities.

Collectively called “Nimbuspwn,” the flaws “can be chained to gain root privileges on Linux systems, allowing attackers to deploy payloads such as a root backdoor and perform other malicious actions through arbitrary root code execution,” Jonathan Bar Or from the Microsoft 365 Defender research team said in a report.


On top of that, the defects, tracked as CVE-2022-29799 and CVE-2022-29800, could also be weaponized as a vector for root access to deploy more sophisticated threats like ransomware.

The vulnerabilities are rooted in a component of systemd called networkd-dispatcher, a daemon program for the network manager system service that is designed to dispatch network state changes.

Privilege escalation flaws in Linux

Specifically, they relate to a combination of directory traversal (CVE-2022-29799), symbolic link (also known as symlink) race, and time-of-check to time-of-use (TOCTOU) race condition (CVE-2022-29800) flaws, leading to a scenario where an adversary controlling a rogue D-Bus service can plant and execute malicious backdoors on compromised endpoints.
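The bug classes named above come down to two defensive checks in any privileged hook dispatcher: validate the state string before it becomes a path, and vet the file descriptor that was opened rather than the path name. The sketch below is an added example, not networkd-dispatcher's code or its patch; the function names, the state-name pattern, the `<state>.d` directory layout and the sample tree are assumptions made for illustration.

```python
import os, re, stat, tempfile

# Assumption: operational states are short lowercase words such as "routable".
STATE_RE = re.compile(r"[a-z][a-z-]{0,31}")

def hook_dir(base, state):
    """Map an untrusted state string to <base>/<state>.d, refusing traversal."""
    if not STATE_RE.fullmatch(state):
        raise ValueError(f"rejected state {state!r}")
    base_real = os.path.realpath(base)
    path = os.path.realpath(os.path.join(base_real, state + ".d"))
    if os.path.dirname(path) != base_real:  # a symlinked <state>.d left the base
        raise ValueError(f"{path} is outside {base_real}")
    return path

def open_trusted_script(dir_path, name, trusted_uid=0):
    """Open a hook once without following symlinks, then vet the descriptor."""
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    st = os.fstat(fd)  # describes the opened inode, not whatever the name points to now
    if not stat.S_ISREG(st.st_mode) or st.st_uid != trusted_uid or st.st_mode & 0o022:
        os.close(fd)
        raise PermissionError(f"{name}: owner or mode not trusted")
    return fd  # execute this descriptor; never re-resolve the path after the check

def vet(base, state, name, trusted_uid=0):
    """Return True only if the hook passes both the path and the descriptor check."""
    try:
        os.close(open_trusted_script(hook_dir(base, state), name, trusted_uid))
        return True
    except (ValueError, OSError):
        return False

def demo():
    """Constructed sample tree in a temp dir; the current uid stands in for root."""
    with tempfile.TemporaryDirectory() as base:
        d = os.path.join(base, "routable.d")
        os.mkdir(d)
        good = os.path.join(d, "10-ok.sh")
        with open(good, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")
        os.chmod(good, 0o755)
        os.symlink(good, os.path.join(d, "20-link.sh"))
        cases = [("routable", "10-ok.sh"), ("routable", "20-link.sh"), ("../../tmp/x", "10-ok.sh")]
        return [vet(base, s, n, os.getuid()) for s, n in cases]
```

Because ownership and mode are read with `fstat` on the open descriptor, swapping the directory entry after the check cannot change which file is subsequently run.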


Users of networkd-dispatcher are strongly recommended to update their instances to the latest version to mitigate the potential risk arising from exploitation of the flaws.

“The growing number of vulnerabilities in Linux environments emphasizes the need for strong monitoring of the platform operating system and its components,” said Bar Or.

“This constant barrage of attacks spanning a wide range of platforms, devices and other domains emphasizes the need for a comprehensive and proactive vulnerability management approach that can further identify and mitigate previously unknown exploits and issues.”
