The Microsoft 365 Defender team discovered two privilege escalation flaws in Linux operating system. These flaws are worrisome as they can cause further damage by giving access for various malicious operations. Although Linux was long thought to be one of the most secure systems, it is now known that cybercriminals have only looked for more ways to attack. Learn the details in this article.
Linux has two privilege escalation flaws
Both flaws were collectively called “Nimbuspwn,” but each carries the following codes: CVE-2022-29799 and CVE-2022-29800. These have their roots in a certain system component called networkd-dispatcher, a daemon program for the network manager system service, designed to dispatch network status changes.
As Jonathan Bar Or of the Microsoft 365 Defender Research Team explains: “The flaws can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution.”
In addition to all this, both flaws can be used as vectors to gain deeper access and implement more developed and dangerous threats such as ransomware. As specified in The Hackers News: “They relate to a combination of directory traversal (CVE-2022-29799), symbolic link (aka symlink) race, and time-of-check to time-of-use (CVE-2022-29800 ) flaws, leading to a scenario where an adversary in control of a rogue D-Bus service can plant and execute malicious backdoors on the compromised endpoints.”
As always, it is recommended that users update to the latest versions immediately to patch these vulnerabilities and keep systems protected. In addition to this, Microsoft 365 Defender was very clear in emphasizing that: “The growing number of vulnerabilities on Linux environments emphasize the need for strong monitoring of the platform’s operating system and its components.” All of this, plus the impressive number of threats and attacks lately, leads to an increasing need to raise cybersecurity awareness.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp