posted by janrinok on Friday April 29 2022, @10:33AM
from the I-am-Mr.-Nimbus! dept.

New Nimbuspwn Linux vulnerability gives hackers root privileges:

A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.

Security researchers at Microsoft disclosed the issues in a report today noting that they can be chained together to achieve root privileges on a vulnerable system.

Tracked as CVE-2022-29799 and CVE-2022-29800, the Nimbuspwn security issues were discovered in networkd-dispatcher, a component that sends connection status changes on Linux machines.

Discovering the vulnerabilities started with "listening to messages on the System Bus," which prompted the researchers to review the code flow for networkd-dispatcher.

The Nimbuspwn security flaws refer to directory traversal, symlink race, and time-of-check-time-of-use (TOCTOU) race condition issues, explains Microsoft researcher Jonathan Bar Or in the report.

One observation that piqued interest was that the networkd-dispatcher daemon was running at boot time with root privileges on the system.

The researcher noticed that the daemon used a method called "_run_hooks_for_state" to discover and run scripts depending on the detected network state.

The logic implemented by "_run_hooks_for_state" includes returning executable script files owned by the root user and the root group that are in the "/etc/networkd-dispatcher/.d" directory.

It runs each script in the above location using the process called subprocess.Popen while supplying custom environment variables.

[...] Linux users are recommended to patch their systems as soon as the fixes become available for their operating system.
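
An added illustration, not networkd-dispatcher's code and not the fix its maintainers shipped: hook discovery of the kind described above, written so that the three bug classes named in the story (directory traversal, symlink race, TOCTOU) do not apply. The `routable` state name, the state-name pattern and the function names are assumptions made for the example, and the directory layout is constructed.

```python
import os, re, stat, tempfile

# Assumption: state names are short lowercase words; the page does not list them.
STATE_RE = re.compile(r"[a-z][a-z-]{0,31}")

def safe_hooks(base_dir, state, uid=0, gid=0):
    """Return [(name, fd)] for hooks whose ownership was verified on the open fd."""
    if not STATE_RE.fullmatch(state):            # blocks "../" style traversal
        raise ValueError(f"rejected state name: {state!r}")
    dir_fd = os.open(os.path.join(base_dir, state + ".d"),
                     os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    hooks = []
    try:
        for name in sorted(os.listdir(dir_fd)):
            try:
                # O_NOFOLLOW: a symlink as the final component fails with ELOOP
                fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
            except OSError:
                continue
            st = os.fstat(fd)                    # describes the opened inode, not a path
            trusted = (stat.S_ISREG(st.st_mode)
                       and (st.st_uid, st.st_gid) == (uid, gid)
                       and st.st_mode & stat.S_IXUSR
                       and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
            if trusted:
                hooks.append((name, fd))         # caller executes through this fd
            else:
                os.close(fd)
    finally:
        os.close(dir_fd)
    return hooks

def demo():
    """Constructed layout: one good hook, one symlink, one world-writable file."""
    with tempfile.TemporaryDirectory() as base:
        owner = os.stat(base)                    # stand-in for root:root in this demo
        d = os.path.join(base, "routable.d")
        os.mkdir(d)
        for name, mode in (("10-good", 0o755), ("30-writable", 0o777)):
            path = os.path.join(d, name)
            with open(path, "w") as f:
                f.write("#!/bin/sh\nexit 0\n")
            os.chmod(path, mode)
        os.symlink(os.path.join(d, "10-good"), os.path.join(d, "20-link"))
        hooks = safe_hooks(base, "routable", owner.st_uid, owner.st_gid)
        names = [n for n, _ in hooks]
        for _, fd in hooks:
            os.close(fd)
        try:
            safe_hooks(base, "../../tmp/evil", owner.st_uid, owner.st_gid)
            traversal_blocked = False
        except ValueError:
            traversal_blocked = True
        return names, traversal_blocked

if __name__ == "__main__":
    print(demo())
```

Because the ownership check and the later execution both use the same open descriptor, swapping the path between check and use has no effect on what runs.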


  • (Score: 5, Interesting) by Anonymous Coward on Friday April 29 2022, @10:37AM (5 children)

    by Anonymous Coward on Friday April 29 2022, @10:37AM (#1240659)

    You know, Devuan, Slackware, the smarter Gentoo users...

    • (Score: 4, Insightful) by digitalaudiorock on Friday April 29 2022, @11:50AM (2 children)

      by digitalaudiorock (688) on Friday April 29 2022, @11:50AM (#1240665)

      This. Nothing but Gentoo here and my company switched from CentOS to Devuan after CentOS went to systemd. Something I've always wondered about: A lot of the security in OSS depends on a lot of eyes looking at code, but I tend to wonder how many outside of LP & Co at RH ever actually look at that mess...though apparently MS is to some extent...possibly in part to give "Linux" a bad name. My guess is that it's looked at mostly only by RH, and probably all the black hats out there who likely already knew about this, and probably others nobody else is aware of. Good luck with all that.

      • (Score: 0) by Anonymous Coward on Friday April 29 2022, @12:06PM (1 child)

        by Anonymous Coward on Friday April 29 2022, @12:06PM (#1240667)

        I don't think you're being completely fair. My perception is that most security related issues are handled by the software project itself. Some issues might be raised by distros, but I think there are also a fair amount of issues raised by the users of the project, the devs themselves and analysts from a scientific POV. With the exception of the latter, I think most of the other ones just bump into them by accident, mainly due to things not working as they should. But, I could be wrong about this.

        I always liked the Gentoo "if you don't need it, don't include support for it"-approach, but that doesn't mean Gentoo doesn't write code based on false assumptions. Everybody makes mistakes, and finding them can be hard sometimes. I've seen plenty of code, provided patches myself, but specifically searching for security issues is something that I couldn't do, even if I wanted to (mostly due to the amount of false positives that I would come up with).

        • (Score: 5, Insightful) by digitalaudiorock on Friday April 29 2022, @12:24PM

          by digitalaudiorock (688) on Friday April 29 2022, @12:24PM (#1240669)

          A lot of what you're saying is valid. I'd say however that the larger fault here still lies with systemd itself, because of its horrific "design"...that being the polar opposite of KISS. For example, who is it that didn't realize you're begging for security issues running an otherwise lean headless server that has a bloated "init system" with a mostly unnecessary footprint larger than your entire fucking kernel?! There are/were reasons for the simplicity that's all but vanished in the age of that mess.

    • (Score: 5, Touché) by hendrikboom on Friday April 29 2022, @08:31PM

      by hendrikboom (1125) on Friday April 29 2022, @08:31PM (#1240813) Homepage Journal

      We need to stop letting people use the word "Linux" for systemd.

    • (Score: 3, Interesting) by KritonK on Saturday April 30 2022, @06:00AM

      by KritonK (465) on Saturday April 30 2022, @06:00AM (#1240948)

      Some improperly designed ones aren't vulnerable, either:

      SUSE does not ship networkd-dispatcher and is not affected by this security vulnerability [suse.com].

      I don't have networkd-dispatcher in my OpenSUSE Tumbleweed machines, and we don't seem to have it in our CentOS 7 servers either.

      So, I guess the problem isn't a vulnerability in either Linux or systemd, but in a piece of software, that certain distributions (Ubuntu and/or Debian ?) have chosen to bundle with Linux. Or does "Linux" mean Ubuntu and/or Debian these days?

  • (Score: 1, Interesting) by Anonymous Coward on Friday April 29 2022, @11:01AM (8 children)

    by Anonymous Coward on Friday April 29 2022, @11:01AM (#1240660)

    networkd-dispatcher... doesn't ring a bell, never encountered it when configuring a new kernel.

    Let me guess... it's a systemd component?

    • (Score: 1, Informative) by Anonymous Coward on Friday April 29 2022, @01:46PM (7 children)

      by Anonymous Coward on Friday April 29 2022, @01:46PM (#1240684)

      It's not. It monitors networkd (which is a systemd component) for connection status changes, but it is not part of systemd, somebody else wrote it [gitlab.com].

      • (Score: 4, Interesting) by RS3 on Friday April 29 2022, @04:56PM (6 children)

        by RS3 (6367) on Friday April 29 2022, @04:56PM (#1240750)

        Would networkd-dispatcher be in any way useful in an OS without systemd?

        • (Score: -1, Flamebait) by Anonymous Coward on Friday April 29 2022, @06:19PM (4 children)

          by Anonymous Coward on Friday April 29 2022, @06:19PM (#1240773)

          Are you saying that non-systemd systems don't require network monitoring ?

          • (Score: 2) by RS3 on Friday April 29 2022, @09:10PM

            by RS3 (6367) on Friday April 29 2022, @09:10PM (#1240821)

            I didn't say anything, I asked a question because I don't know the answer and was hoping someone would answer with information.

          • (Score: 4, Funny) by FatPhil on Saturday April 30 2022, @08:02AM (2 children)

            by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Saturday April 30 2022, @08:02AM (#1240959) Homepage
            Are you saying that the only way to monitor a network is by using networkd-dispatcher?
            --
            Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
            • (Score: 2) by RS3 on Monday May 02 2022, @09:35PM (1 child)

              by RS3 (6367) on Monday May 02 2022, @09:35PM (#1241591)

              I'll take it a step farther (further?): do systems need network monitoring?

              And either way, someone please define "monitoring". Like, how much detail are we looking into? And what is done with the monitoring? Logging?

              CentOS systems I admin do a pretty good job of monitoring / logging network daemon activity (systemd-less CentOS 6).

              • (Score: 0) by Anonymous Coward on Tuesday May 03 2022, @06:44AM

                by Anonymous Coward on Tuesday May 03 2022, @06:44AM (#1241775)

                Well, yes and no. You don't need one to operate your computer. However, most people appreciate the ability to have their WiFi connect to known networks, for Ethernet state changes to get the right IP addresses, for network shares to be mounted automatically, for other network-dependent daemons to be started, for VPNs to be brought up, prefer Ethernet over wireless over mobile, PPP connections to modem states, etc. Some of those are considered so basic that they have network managers handle all the necessary steps for you instead of having to configure the dispatcher on its own with separate do-one-thing-well services.

        • (Score: 0) by Anonymous Coward on Friday April 29 2022, @10:18PM

          by Anonymous Coward on Friday April 29 2022, @10:18PM (#1240848)

          Depending on the supported interfaces, it could be. But most network configuration systems have their own dispatcher service.

  • (Score: 1, Troll) by Thexalon on Friday April 29 2022, @11:37AM (13 children)

    by Thexalon (636) Subscriber Badge on Friday April 29 2022, @11:37AM (#1240664)

    Security researchers at Microsoft disclosed the issues in a report today

    Gee, I wonder why they were looking at their main competitor's code for security problems ...

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 4, Interesting) by canopic jug on Friday April 29 2022, @12:13PM (4 children)

      by canopic jug (3949) Subscriber Badge on Friday April 29 2022, @12:13PM (#1240668) Journal

      Gee, I wonder why they were looking at their main competitor's code for security problems ...

      To belabor the obvious and to answer a rhetorical question unnecessarily, it's a matter of novelty versus routine events. Both local and remote vulnerabilities are commonplace in Windows, daily occurrences in fact, and so is active exploitation of said Windows vulnerabilities. These are so commonplace that it is not news. Furthermore, M$ is in the middle of a massive malware epidemic which is still growing despite the epidemic's already enormous size. All these factors require that M$ find distractions from its own problems for the public or else the world will fire all its microsofters and hire IT staff as replacements to deploy more secure / securable systems and services. That would be a good thing but M$, the media it buys, and the politicians it rents are not going to let that happen easily.

      However, now that WWIII has turned kinetic the stakes rise for cyberdefense such that if safety discussions ever get past the snow job that M$ + mainstream media are pulling on the populace, people and the politicians they elect will start to demand systems and services that are not like swiss cheese. That in turn will necessitate a clean sweep of every last microsofter and the systems and services they brought in.

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 4, Insightful) by DECbot on Friday April 29 2022, @02:06PM (3 children)

        by DECbot (832) on Friday April 29 2022, @02:06PM (#1240689) Journal

        There's a simpler explanation: Microsoft runs Linux in Azure and even has its own distribution [github.com]. Additionally, they offer the WSL--so Microsoft has a lot of exposure to Linux. It is in their financial interests to find, publicize, and patch vulnerabilities. When I publicize, I don't just mean in a cynical, "M$ scares people away from Linux 'cause it keeps them on Windows" sort of way. They need the Linux community to believe them when they say they LOVE Linux. The "cloud" primarily runs Linux, and it has to be a first class citizen in their cloud offering, Azure, if any developer is to take them seriously. I am certain Microsoft would rather rent to you a VM and cloud app of Windows and Office than to sell you a license of Windows and Office to run on your local hardware. Why? The cloud offering is a monthly revenue for a service that stops working when you stop paying. The local install will work until the hardware dies.

        --
        cats~$ sudo chown -R us /home/base
        • (Score: 2) by canopic jug on Friday April 29 2022, @02:23PM (2 children)

          by canopic jug (3949) Subscriber Badge on Friday April 29 2022, @02:23PM (#1240692) Journal

          Given that so few start with Azure and fewer stay, and that there have been layoffs in that department, I don't think that is a serious explanation; it is more a projection of positive wishes onto an entity which is as a group incapable of anything other than cynical, shortsighted maneuvering. The simplest explanation is probably the right one and the easiest path, especially in light of their decades of documented schemes, is that they are doing it to cast shade on a competitor.

          --
          Money is not free speech. Elections should not be auctions.
          • (Score: 2) by DECbot on Friday April 29 2022, @02:31PM (1 child)

            by DECbot (832) on Friday April 29 2022, @02:31PM (#1240696) Journal

            I'm more than willing to admit it is likely a bit of both. Linux enthusiasts are told "MS -LOVES- Linux now, so please find and patch Linux bugs," from the very executives that want to extinguish Linux. Thus they can say to their largest customers, "See, Linux has just as many critical vulnerabilities as Windows."

            --
            cats~$ sudo chown -R us /home/base
            • (Score: 2) by FatPhil on Saturday April 30 2022, @08:09AM

              by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Saturday April 30 2022, @08:09AM (#1240960) Homepage
              But of course, this isn't even a "linux" bug. It's a bug that runs on linux. Don't install the third-party bug on your linux system, and you won't have the bug on your linux system.
              --
              Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 2, Insightful) by Anonymous Coward on Friday April 29 2022, @12:38PM (7 children)

      by Anonymous Coward on Friday April 29 2022, @12:38PM (#1240671)

      Does the sender matter tho? Does it make it less of a vulnerability cause Microsoft found it or published it? Should they have held the knowledge back until someone else figured it out?

      • (Score: 2, Insightful) by Gaaark on Friday April 29 2022, @01:19PM (4 children)

        by Gaaark (41) Subscriber Badge on Friday April 29 2022, @01:19PM (#1240677) Journal

        While it's good that this was found, why aren't Microsoft employees looking at Microsoft's software to improve ITS security?

        Is it because they know their own shite is a horrible mess that is unsolvable and they are hoping to find problems elsewhere in order to deflect away? "HEY, LOOK OVER THERE!"

        They shouldn't be throwing rocks at others from within a glass house.

        And yes, systemd is a KISS hot mess (If I've used that phrase correctly): it's like systemd was DESIGNED by Microsoft.

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: 1, Interesting) by Anonymous Coward on Friday April 29 2022, @01:35PM (2 children)

          by Anonymous Coward on Friday April 29 2022, @01:35PM (#1240681)

          You do know that their Azure hosting business is a thing, right?

          (Because nobody, and I mean nobody wants to run Windows on a server.)

          Naturally they're gonna tune enterprise Linux for the cloud and that involves untangling a lot of Lennartware.

          The guys that work on Azure aren't the same gang that write the clusterfudge that is Windows 11.

          • (Score: 2) by Freeman on Friday April 29 2022, @01:51PM (1 child)

            by Freeman (732) Subscriber Badge on Friday April 29 2022, @01:51PM (#1240686) Journal

            That's a good thing, right? Right? One can only hope.

            --
            Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
            • (Score: 0) by Anonymous Coward on Saturday April 30 2022, @03:04AM

              by Anonymous Coward on Saturday April 30 2022, @03:04AM (#1240909)
              Actually looking at Windows nowadays it seems like more of it has been written by rejects from the Desktop Linux bunch. A lot of stuff is now less discoverable via the GUI. It's practically command line.

              There used to be a GUI for IIS configuration backup and restore. That no longer exists, you need to use the command line for that...
        • (Score: 3, Interesting) by FatPhil on Saturday April 30 2022, @08:11AM

          by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Saturday April 30 2022, @08:11AM (#1240961) Homepage
          systemd was definitely influenced by microsoft, I think lennart twattering has pretty much admitted that with a straight face, not realising how bad it makes him look.
          --
          Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: -1, Interesting) by adamantine on Saturday April 30 2022, @06:53AM (1 child)

        by adamantine (17130) on Saturday April 30 2022, @06:53AM (#1240956)

        Has SoylentNews been overrun by Microsoft shills? Elizabeth is excluded, since she is in the open. For everyone else, what part of Fear, Uncertainty, and Doubt do you not understand?

        • (Score: -1, Offtopic) by Anonymous Coward on Saturday April 30 2022, @11:23PM

          by Anonymous Coward on Saturday April 30 2022, @11:23PM (#1241106)

          I honestly don't know why your post was modded as spam. It's the fucking truth. But they can't handle the truth.

          I wouldn't be surprised if M$ shills were here, carefully controlling the comments.

  • (Score: 4, Funny) by Anonymous Coward on Friday April 29 2022, @02:34PM

    by Anonymous Coward on Friday April 29 2022, @02:34PM (#1240698)

    A new The old set of vulnerabilities collectively tracked as Nimbuspwn systemd could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware. I.e. is working as designed.

    networkd-dispatcher: Dispatcher service for systemd-networkd connection status changes

  • (Score: 0) by Anonymous Coward on Friday April 29 2022, @04:24PM

    by Anonymous Coward on Friday April 29 2022, @04:24PM (#1240737)

    If you have time, please help make MAN pages more understandable for a new generation of *nix users.
