Microsoft has discovered a set of vulnerabilities, that it collectively refers to as Nimbuspwn, which could allow attackers to escalate to root privileges on Linux systems. This would allow attackers to conduct malicious activities like creating root backdoors.The Nimbuspwn vulnerabilities could potentially be leveraged to carry out more sophisticated threats using malware and ransomware to create a greater impact on the vulnerable device.
Microsoft researchers discovered the vulnerabilities by listening to messages on the System Bus while analysing services that run as root. The system bus is a pathway that carries data between a computer microprocessor and the main memory.
While performing code review and dynamic analysis, they noticed an odd pattern in a systemd unit called networkd-dispatcher. Systemd is a set of software designed to unify configuration and behaviour across Linux distributions (distros)
When the researchers reviewed the code flow for networkd-dispatcher, it revealed multiple security concerns that could be leveraged to elevate privileges, deploy malware or carry out other malicious activities.
These discoveries were shared with the Linux code maintainers through Microsoft Security Vulnerability Research (MSVR) program and the issues have been resolved. The researchers recommend that users of networkd-dispatcher update their software as soon as possible.
