reports that Linux desktops could be exploited using vulnerabilities within a commonly used system component to allow privilege escalation and malware installation.
Threat actors could use the Nimbuspwn flaws, tracked as CVE-2022-29799 and CVE-2022-29800, to facilitate root backdoor installation, as well as arbitrary code execution, according to Microsoft.
"Moreover, the Nimbuspwn vulnerabilities could potentially be leveraged as a vector for root access by more sophisticated threats, such as malware or ransomware, to achieve greater impact on vulnerable devices," said Microsoft.
Both bugs were found in the networkd-dispatcher service, which handles systemd-networkd network connection status changes. Microsoft researchers identified the flaws by listening to System Bus messages during code reviews and service analysis. Malicious actors have long been drawn to attacking D-Bus components used on Linux distributions as a way to compromise the System Bus, according to Microsoft 365 Defender Research Team Lead Jonathan Bar Or.
"D-Bus exposes a global System Bus and a per-session Session Bus. From an attacker's perspective, the System Bus is more attractive since it will commonly have services that run as root listening to it," Or said.
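The point about root services on the System Bus can be turned into an inventory check for hardening reviews. The following is an added example, not code from Microsoft or the original article: it parses text in the column order of `busctl list --no-legend` and groups the bus names held by root-owned processes by systemd unit. The sample rows are constructed, and splitting on whitespace assumes no column value contains a space.

```python
import sys

# Constructed sample rows in the column order of `busctl list --no-legend`:
# NAME PID PROCESS USER CONNECTION UNIT SESSION DESCRIPTION
SAMPLE = """\
:1.2 611 systemd-logind root :1.2 systemd-logind.service - -
org.freedesktop.login1 611 systemd-logind root :1.2 systemd-logind.service - -
org.freedesktop.network1 540 systemd-network systemd-network :1.0 systemd-networkd.service - -
:1.9 702 networkd-dispat root :1.9 networkd-dispatcher.service - -
org.freedesktop.timesync1 - - - (activatable) - - -
org.example.Broken 12
"""


def root_owned_names(listing):
    """Return ({unit: [bus names held by root processes]}, [unparsable lines])."""
    by_unit, skipped = {}, []
    for line in listing.splitlines():
        fields = line.split()  # assumption: no spaces inside any column value
        if not fields:
            continue
        if len(fields) < 6:
            skipped.append(line)  # report short rows instead of guessing
            continue
        name, _pid, _process, user, _connection, unit = fields[:6]
        if user != "root":  # activatable rows have USER "-" and drop out here
            continue
        by_unit.setdefault(unit, []).append(name)
    return by_unit, skipped


if __name__ == "__main__":
    # Pipe real output in (busctl --system list --no-legend | python3 this.py)
    # or run without a pipe to use the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    units, bad = root_owned_names(text)
    for unit, names in sorted(units.items()):
        print(f"{unit}: {', '.join(names)}")
    for line in bad:
        print(f"unparsed: {line}", file=sys.stderr)
```

Each unit in the result is a root process reachable over the System Bus, so it is a candidate for patch-level and D-Bus policy review.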