Security News > 2022 > April > Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)
Microsoft has unearthed two security vulnerabilities in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many Linux endpoints, allowing them to deploy backdoors, malware, ransomware, or perform other malicious actions.
CVE-2022-29799 is a directory traversal bug; CVE-2022-29800 is a time-of-check-time-of-use race condition that could allow an attacker to replace scripts that networkd-dispatcher believes to be owned by root to ones that are not.
They've also made the exploit deliver a root backdoor, to allow for permanent root capabilities.
The question now remains which Linux distributions use the vulnerable networkd-dispatcher.
It's true that vulnerabilities that allow local elevation of privilege are less critical that those that allow unauthenticated remote code execution, as attackers must first find a way to gain access to the target system before even thinking about starting to exploit them.
Still, they are regularly taken advantage of by attackers - Dirty Pipe has, for example, been added to CISA's Known Exploited Vulnerabilities Catalog on Monday.
News URL
https://www.helpnetsecurity.com/2022/04/27/cve-2022-29799-cve-2022-29800/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-21 | CVE-2022-29800 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft Windows Defender for Endpoint A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. | 4.7 |
| 2022-09-21 | CVE-2022-29799 | Path Traversal vulnerability in Microsoft Windows Defender for Endpoint A vulnerability was found in networkd-dispatcher. | 5.5 |