Microsoft points out privilege escalation errors in Linux

Errors in networkd dispatcher, a service used in some parts of the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be controlled, Microsoft researchers said Wednesday.

It is nice of Redmond to point out these errors and have them corrected in all affected distributions; the US technology giant is a major user of Linux and depends on the open source OS throughout its empire. It's just a little confusing that the biz put so much effort into writing a lengthy write-up and giving the bugs a catchy name, Nimbuspwn, when countless privilege-escalation holes are fixed in the Windows operating system every month and we cannot remember Microsoft recently making so much of a song and dance over them.

“The growing number of vulnerabilities in Linux environments underscores the need for strong monitoring of the platform’s operating system and its components,” wrote Jonathan Bar Or of the Microsoft 365 Defender Research Team, which may be a bit rich for the Windows Goliath to bring up.

It’s not like Linux does not have security vulnerabilities – it has lots and they should be made public – it’s just that glass houses and stones come to mind. If you are using a vulnerable Linux distro, grab its latest updates to fix the bugs. It appears that networkd dispatcher was updated three weeks ago, to version 2.2, to close the holes.

Microsoft said it discovered the vulnerabilities – now tracked as CVE-2022-29799 and CVE-2022-29800 – while performing code reviews and dynamic analysis of services running as root. We are told that analysts noticed an “odd pattern” in networkd dispatcher, an open source tool that can be used to detect and respond to changes in network connection status.

The security vulnerabilities identified in the review included insecure directory traversal, symlink races, and time-of-check-time-of-use race conditions, which can be exploited to elevate one’s privileges, allowing an attacker to deploy malware or perform other malicious activities via arbitrary code execution as root.

“In addition, Nimbuspwn vulnerabilities could potentially be exploited as a vector for root access by more sophisticated threats, such as malware or ransomware, to have a greater impact on vulnerable devices,” Bar Or wrote.

All three vulnerabilities were found by following the flow of execution to a _run_hooks_for_state method, which is responsible for finding and executing scripts. With the time-of-check-time-of-use race condition, “there is a certain amount of time between scripts being discovered and them being run,” he wrote. “An attacker could exploit this vulnerability to replace scripts that networkd dispatcher believes are owned by root with ones that are not.”
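To make the three bug classes above concrete from the defender's side, here is an added example of a hook runner that avoids them; it is not Microsoft's code and not networkd dispatcher's own implementation. It assumes a hypothetical hook directory of shell scripts, and its execution path via /proc/self/fd is Linux-specific. The point is that every trust decision (owner, mode, regular file, not a symlink) is made with fstat() on the descriptor that is then executed, so there is no window between discovering a script and running it in which it can be swapped, and lookups are relative to an already-verified directory descriptor, so a crafted state name cannot traverse out of the hook directory.

```python
import os
import stat
import subprocess
import tempfile

# Files writable by group or others cannot be trusted to run as root.
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def open_trusted_dir(hook_dir, expected_uid=0):
    """Open the hook directory without following a symlink and validate the
    open descriptor: owned by expected_uid and not writable by others.
    All later lookups are relative to this descriptor, not to a path."""
    dirfd = os.open(hook_dir,
                    os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW | os.O_CLOEXEC)
    st = os.fstat(dirfd)
    if st.st_uid != expected_uid or st.st_mode & WRITABLE_BY_OTHERS:
        os.close(dirfd)
        raise PermissionError(f"hook directory is not trusted: {hook_dir}")
    return dirfd


def open_trusted_hook(dirfd, name, expected_uid=0):
    """Return an open descriptor for hook `name` if the file behind it is
    trustworthy, else None. Checks use fstat() on the descriptor that will
    be executed, so a swap between check and use cannot change what runs."""
    if "/" in name or name in (".", ".."):
        return None  # reject traversal out of the hook directory
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC,
                     dir_fd=dirfd)
    except OSError:
        return None  # symlink (ELOOP), vanished, or unreadable
    st = os.fstat(fd)
    trusted = (stat.S_ISREG(st.st_mode)
               and st.st_uid == expected_uid
               and not st.st_mode & WRITABLE_BY_OTHERS
               and st.st_mode & stat.S_IXUSR)
    if not trusted:
        os.close(fd)
        return None
    return fd


def classify_hooks(hook_dir, expected_uid=0):
    """Return (accepted, rejected) hook names; descriptors are closed again."""
    dirfd = open_trusted_dir(hook_dir, expected_uid)
    accepted, rejected = [], []
    try:
        for name in sorted(os.listdir(dirfd)):
            fd = open_trusted_hook(dirfd, name, expected_uid)
            if fd is None:
                rejected.append(name)
            else:
                accepted.append(name)
                os.close(fd)
    finally:
        os.close(dirfd)
    return accepted, rejected


def run_trusted_hooks(hook_dir, expected_uid=0):
    """Execute each trusted hook through /proc/self/fd/<n> (Linux only), so
    the program that runs is exactly the file that was inspected. Hooks are
    assumed to be shell scripts; other interpreters would need dispatching."""
    dirfd = open_trusted_dir(hook_dir, expected_uid)
    results = {}
    try:
        for name in sorted(os.listdir(dirfd)):
            fd = open_trusted_hook(dirfd, name, expected_uid)
            if fd is None:
                continue
            try:
                proc = subprocess.run(["/bin/sh", f"/proc/self/fd/{fd}"],
                                      pass_fds=[fd])
                results[name] = proc.returncode
            finally:
                os.close(fd)
    finally:
        os.close(dirfd)
    return results


def build_demo_dir():
    """Constructed sample hook directory: one trustworthy script, one symlink
    and one world-writable script. It is owned by the current user, so the
    demo passes expected_uid=os.getuid() where a real service would use 0."""
    hook_dir = tempfile.mkdtemp(prefix="hooks-")  # created with mode 0700
    good = os.path.join(hook_dir, "10-good.sh")
    with open(good, "w") as f:
        f.write("#!/bin/sh\nexit 0\n")
    os.chmod(good, 0o755)
    os.symlink(good, os.path.join(hook_dir, "20-symlink.sh"))
    loose = os.path.join(hook_dir, "30-world-writable.sh")
    with open(loose, "w") as f:
        f.write("#!/bin/sh\nexit 0\n")
    os.chmod(loose, 0o777)
    return hook_dir


def demo_classification():
    """Build the constructed directory and classify its hooks."""
    return classify_hooks(build_demo_dir(), expected_uid=os.getuid())


if __name__ == "__main__":
    print(demo_classification())
    print(run_trusted_hooks(build_demo_dir(), expected_uid=os.getuid()))
```

The symlink is rejected at open time by O_NOFOLLOW rather than by a separate lstat() that could be raced, and the world-writable script is rejected by the mode bits read from the open descriptor; only the script that is both owned by the expected user and unwritable by anyone else is run.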

Microsoft said it also found minor information-leaking bugs in Blueman and PackageKit on Linux.

According to Casey Bisson, head of product and developer relations at code security provider BluBracket, these privilege escalation holes could be useful for malicious people seeking to gain a stronger foothold in a Linux-dependent organization so that espionage or extortion activities can be performed.

“This is an interesting set of vulnerabilities that affect Linux desktop users,” Bisson told The Register. “The risk footprint can be wide. Linux desktops are not just for hobbyists. Tens of thousands of Google employees use a Debian derivative as their desktop operating system, and there are a number of other notable enterprise, government and research facilities that have large Linux desktop deployments.”

Open source software remains a target for spies and crooks who want to exploit vulnerabilities. The high-profile bug found in the Log4j library at the end of last year continues to be abused, and more recently, miscreants have sought to exploit the Spring4Shell vulnerability in the Spring Framework.

Bud Broomhead, CEO of cybersecurity firm Viakoo, told The Register that bugs like Nimbuspwn require action not only by users, to download and install patches, but also by distribution maintainers, to spot fixes and push updates out in the first place. “They are inherently more difficult to fix and often have a longer vulnerability period because traditional detection and remediation solutions may not apply and because there are multiple Linux distributions – over 600 – there may well be many patches that need to be applied,” said Broomhead.

Bar Or wrote that networkd dispatcher's maintainer Clayton Craft was notified of the holes and fixes were released; these should filter down to endpoints as they update their packages.

“Defending the evolving threat landscape requires the ability to protect and secure users’ computing experiences, whether a Windows or non-Windows device,” said Bar Or. “This case demonstrated how the ability to coordinate such research through expert, interdisciplinary collaboration is crucial to effectively mitigate issues, regardless of the vulnerable entity or platform in use.” ®