⚡ TL;DR | Go Straight to the Nimbuspwn Vulnerability Report
Nimbuspwn
The Microsoft 365 Defender Research Team disclosed two new privilege escalation vulnerabilities in Linux. Listed as CVE-2022-29799 and CVE-2022-29800, both of the vulnerabilities are rooted in the systemd component networkd-dispatcher, a component that is responsible for dispatching network status changes for Linux.
The combined efforts of the directory traversal, symlink race, and time-of-check time-of-use (TOCTOU) race condition present in the two vulnerabilites creates a scenario where attackers can get root access on Linux devices, allowing them to deploy packages, ransomware, or execute code. With the growing number of Linux-based devices in organizations, it is becoming increasingly important to ensure vulnerabilities are kept in check, especially due to the exponential growth of ransomware cases.
“This constant bombardment of attacks spanning a wide range of platforms, devices, and other domains emphasizes the need for a comprehensive and proactive vulnerability management approach that can further identify and mitigate even previously unknown exploits and issues.” Microsoft said.
While the Microsoft team does mention that a fix for the vulnerabilities has been created. We have not been able to identify which specific version has the fix included. Linux distributions will likely start offering new networkd-dispatcher versions soon to provide protection against exploitation.
Discover Vulnerable Devices
To help with this process, we’ve created a specialized report that provided an overview of all your Linux machines along with the networkd-dispatcher version installed. It is best to check the distribution’s website for specific information on CVE-2022-29799 and CVE-2022-29800 along with when and which networkd-dispatcher version has a fix included.
