Linux: Elevated privilege vulnerability discovered

Microsoft has discovered a new Linux elevated vulnerability. A secure version is already available – networkd-dispatcher users are advised to update their instances.

Vulnerabilities in systemd unit

The Microsoft 365 Defender Research team recently discovered several vulnerabilities as part of system analyzes and code reviews. Checking the code flow for the networkd-dispatcher systemd unit revealed several security issues, including directory traversal, symlink race, and time-of-check time-of-use race condition issues. The combination of these vulnerabilities, collectively known as Nimbuspwn, could have allowed attackers to gain administrator privileges, run malicious code on the target device, and install a backdoor.

Patch is already available

Fixes for these vulnerabilities, now known as CVE-2022-29799</ a> and CVE-2022-29800 were identified by the maintainer of networkd-dispatcher deployed successfully. Microsoft advises all users of networkd-dispatcher to update their instances.

Source: Microsoft Security Blog

Kubernetes

ccloud³

Managed Server

Cloud GPU

S3 Object Storage

Kubernetes

ccloud³

Managed Server

Cloud GPU

S3 Object Storage

Kubernetes

ccloud³

Managed Server

Cloud GPU

S3 Object Storage

Help Center

Trust Center

Glossar

Tutorials

Kubernetes

ccloud³

Managed Server

Cloud GPU

S3 Object Storage

Kubernetes

ccloud³

Managed Server

Cloud GPU

S3 Object Storage

Kubernetes

ccloud³

Managed Server

Cloud GPU

S3 Object Storage

Help Center

Trust Center

Glossar

Tutorials

Linux: Elevated privilege vulnerability discovered

Vulnerabilities in systemd unit

Patch is already available

Products

More centron

Service & Support