Security News > 2022 > April > Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)

Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)
2022-04-27 10:44

Microsoft has unearthed two security vulnerabilities in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many Linux endpoints, allowing them to deploy backdoors, malware, ransomware, or perform other malicious actions.

CVE-2022-29799 is a directory traversal bug; CVE-2022-29800 is a time-of-check-time-of-use race condition that could allow an attacker to replace scripts that networkd-dispatcher believes to be owned by root to ones that are not.

They've also made the exploit deliver a root backdoor, to allow for permanent root capabilities.

The question now remains which Linux distributions use the vulnerable networkd-dispatcher.

It's true that vulnerabilities that allow local elevation of privilege are less critical that those that allow unauthenticated remote code execution, as attackers must first find a way to gain access to the target system before even thinking about starting to exploit them.

Still, they are regularly taken advantage of by attackers - Dirty Pipe has, for example, been added to CISA's Known Exploited Vulnerabilities Catalog on Monday.


News URL

https://www.helpnetsecurity.com/2022/04/27/cve-2022-29799-cve-2022-29800/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-21 CVE-2022-29800 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft Windows Defender for Endpoint
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher.
local
high complexity
microsoft CWE-367
4.7
2022-09-21 CVE-2022-29799 Path Traversal vulnerability in Microsoft Windows Defender for Endpoint
A vulnerability was found in networkd-dispatcher.
local
low complexity
microsoft CWE-22
5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232