Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow attackers to perform a range of nefarious activities.
collectively called”Nimbuspwn,” the bugs “can be chained to gain root privileges on Linux systems, allowing attackers to deploy payloads such as a root backdoor and perform other malicious actions via arbitrary root code execution,” Microsoft 365’s Jonathan Bar Or Defender Research Team said in a report.
In addition, the defects are tracked as CVE-2022-29799 and CVE-2022-29800 – could also be armed as a root access vector to deploy more sophisticated threats like ransomware.
The vulnerabilities originate in a systemd component called networkd-dispatcher, a network manager system service daemon program that dispatches network status changes.
Specifically, they relate to a combination of Directory Traversal (CVE-2022-29799), Symbolic Link (aka Symlink) Race, and Time-of-Check-to-Time-of-Use (CVE-2022-29800) errors, leading to a Scenario in which an attacker in control of a rogue D-Bus service can install and run malicious backdoors on the compromised endpoints.
networkd-dispatcher users are strongly advised to update their instances to the latest version to mitigate the potential of exploiting the bugs.
“The growing number of vulnerabilities in Linux environments underscores the need for tight monitoring of the platform’s operating system and its components,” said Bar Or.
“This constant barrage of attacks spanning a variety of platforms, devices and other domains underscores the need for a comprehensive and proactive vulnerability management approach that can further identify and mitigate even previously unknown exploits and problems.”