Date: 2022-04-26
from the I-am-Mr.-Nimbus! dept.
New Nimbuspwn Linux vulnerability gives hackers root privileges:
A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.
Security researchers at Microsoft disclosed the issues in a report today noting that they can be chained together to achieve root privileges on a vulnerable system.
Tracked as CVE-2022-29799 and CVE-2022-29800, the Nimbuspwn security issues were discovered in networkd-dispatcher, a component that sends connection status changes on Linux machines.
Discovering the vulnerabilities started with "listening to messages on the System Bus," which prompted the researchers to review the code flow for networkd-dispatcher.
The Nimbuspwn security flaws refer to directory traversal, symlink race, and time-of-check-time-of-use (TOCTOU) race condition issues, Microsoft researcher Jonathan Bar Or explains in the report.
One observation that piqued interest was that the networkd-dispatcher daemon was running at boot time with root privileges on the system.
The researcher noticed that the daemon used a method called "_run_hooks_for_state" to discover and run scripts depending on the detected network state.
The logic implemented by "_run_hooks_for_state" includes returning executable script files owned by the root user and the root group that are in the "/etc/networkd-dispatcher/.d" directory.
It runs each script in the above location using the process called subprocess.Popen while supplying custom environment variables.
[...] Linux users are recommended to patch their systems as soon as the fixes become available for their operating system.
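An added example (not from the article, Microsoft's report, or networkd-dispatcher's own code) of how a root daemon can close the check/use gap described above: ownership and permission tests are made with fstat() on an already-open descriptor instead of on a path. The function name `open_vetted_hooks`, its parameters, and the `state + ".d"` directory naming are assumptions of this sketch.

```python
import os
import stat

BASE = "/etc/networkd-dispatcher"  # base directory named in the article


def open_vetted_hooks(state, base=BASE, uid=0, gid=0):
    """Return [(name, fd)] for hooks in <base>/<state>.d that pass all checks.

    Every check uses fstat() on an open descriptor, so the inode that was
    checked is the inode the caller later runs (no gap between check and use).
    `state`, `uid` and `gid` are hypothetical parameters of this example.
    """
    # Directory traversal: the state must be one plain path component.
    if not state or state in (".", "..") or "/" in state or "\0" in state:
        raise ValueError(f"unsafe state name: {state!r}")
    # Pin the directory itself; O_NOFOLLOW refuses a symlinked <state>.d.
    dfd = os.open(os.path.join(base, state + ".d"),
                  os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    vetted = []
    try:
        for name in sorted(os.listdir(dfd)):
            try:
                # Open relative to the pinned directory, never following links.
                fd = os.open(name,
                             os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                             dir_fd=dfd)
            except OSError:
                continue  # symlink (ELOOP), vanished, or unreadable entry
            st = os.fstat(fd)  # metadata of the opened inode, not of the path
            ok = (stat.S_ISREG(st.st_mode)
                  and st.st_uid == uid and st.st_gid == gid
                  and st.st_mode & stat.S_IXUSR
                  and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
            if ok:
                vetted.append((name, fd))
            else:
                os.close(fd)
    finally:
        os.close(dfd)
    return vetted
```

The caller would then execute each hook through its descriptor (on Linux, for instance, the `/proc/self/fd/<n>` path together with `subprocess.Popen(..., pass_fds=[fd])`) rather than re-opening it by name, and close the descriptor afterwards.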
(Score: 2, Touché) by Anonymous Coward on Friday April 29, @10:37AM (1 child)
You know, Devuan, Slackware, the smarter Gentoo users...
(Score: 2) by digitalaudiorock on Friday April 29, @11:50AM
This. Nothing but Gentoo here and my company switched from CentOS to Devuan after CentOS went to systemd. Something I've always wondered about: A lot of the security in OSS depends on a lot of eyes looking at code, but I tend to wonder how many outside of LP & Co at RH ever actually look at that mess...though apparently MS is to some extent...possibly in part to give "Linux" a bad name. My guess is that it's looked at mostly only by RH, and probably all the black hats out there who likely already knew about this, and probably others nobody else is aware of. Good luck with all that.
(Score: 0) by Anonymous Coward on Friday April 29, @11:01AM
networkd-dispatcher... doesn't ring a bell, never encountered it when configuring a new kernel.
Let me guess... it's a systemd component?
(Score: 2) by Thexalon on Friday April 29, @11:37AM
Gee, I wonder why they were looking at their main competitor's code for security problems ...
Alcohol makes the world go round ... and round and round.