The Nimbuspwn Linux Flaw Allows Root Access

Nimbuspwn is the name given to two Linux privilege escalation vulnerabilities identified by the Microsoft 365 Defender Research Team. These vulnerabilities (tracked as CVE-2022-29799 and CVE-2022-29800) may be exploited by attackers to carry out a variety of harmful operations, including the distribution of malware.

The Nimbuspwn Security Flaw

The name Nimbuspwn covers a directory traversal vulnerability, a symlink race vulnerability, and a time-of-check-time-of-use (TOCTOU) race condition vulnerability.

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution. Moreover, the Nimbuspwn vulnerabilities could potentially be leveraged as a vector for root access by more sophisticated threats, such as malware or ransomware, to achieve greater impact on vulnerable devices.

We discovered the vulnerabilities by listening to messages on the System Bus while performing code reviews and dynamic analysis on services that run as root, noticing an odd pattern in a systemd unit called networkd-dispatcher. Reviewing the code flow for networkd-dispatcher revealed multiple security concerns, including directory

Read More: https://heimdalsecurity.com/blog/the-nimbuspwn-linux-flaw-allows-root-access/