New Nimbuspwn Linux Vulnerability Gives Hackers Root Privileges

by
janrinok
from SoylentNews on (#5YPEJ)

upstart writes:

New Nimbuspwn Linux vulnerability gives hackers root privileges:

A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.

Security researchers at Microsoft disclosed the issues in a report today noting that they can be chained together to achieve root privileges on a vulnerable system.

Tracked as CVE-2022-29799 and CVE-2022-29800, the Nimbuspwn security issues were discovered in networkd-dispatcher, a component that sends connection status changes on Linux machines.

Discovering the vulnerabilities started with "listening to messages on the System Bus," which prompted the researchers to review the code flow for networkd-dispatcher.

The Nimbuspwn security flaws refer to directory traversal, symlink race, and time-of-check-time-of-use (TOCTOU) race condition issues, explains Microsoft researcher Jonathan Bar Or says in the report.

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments