List All networkd-dispatcher Installations and Versions
The Microsoft 365 Defender Research Team has disclosed two vulnerabilities, CVE-2022-29799 and CVE-2022-29800, dubbed "Nimbuspwn". When combined, they can allow attackers to gain root access, letting them do anything from deploying packages and executing code to installing ransomware, and more. The vulnerabilities lie in the networkd-dispatcher package, a part of the systemd component that is responsible for dispatching network status changes. You can read more about the vulnerability in the Nimbuspwn blog post.
The report below provides an overview of all Linux machines where networkd-dispatcher has been found. It also lists the specific version of networkd-dispatcher installed. The vulnerability has been patched in networkd-dispatcher, although the version in which it has been fixed isn't clear. Presumably, Linux distributions will start updating their networkd-dispatcher versions soon.
Nimbuspwn Vulnerability Query
Select Top 1000000
  tblAssets.AssetID,
  tblAssets.AssetName,
  tsysAssetTypes.AssetTypename As AssetType,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName As Software,
  tblLinuxSoftware.Version As Version,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblLinuxSystem.OSRelease As OS,
  tblLinuxSystem.KernelRelease,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblLinuxSoftware.LastChanged
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tblSoftwareUni.softwareName Like '%networkd-dispatcher%'
  And tblState.Statename = 'Active'
Order By tblAssets.Domain,
  tblAssets.AssetName,
  Software