CATEGORIES
home News

Microsoft Warns Of Nimbuspwn Security Flaws That Grant Hackers Linux Root Access

by Zak KillianFriday, April 29, 2022, 03:09 PM EDT
hero nimbuspwn fixed
Microsoft's Windows has plenty of reason to be proud of its status as the desktop operating system of choice for personal computers, but Linux drives a massive portion of the processing that lies beneath the surface of the internet at large. Ultimately, it's to everyone's benefit if security holes are closed, so we probably shouldn't be surprised when Microsoft finds bugs in Linux.

And find them, it did. Microsoft's security team says that it was listening to messages on the system bus while "performing code reviews and dynamic analysis on services that run as root" when it noticed unusual behavior in a component of systemd known as networkd-dispatcher. That prompted big MS to do a full code review on that component, whereupon it found "multiple security concerns."

nimbuspwn

Those security concerns come in the form of directory traversal exploits, symlink race opportunities, and time-of-check-time-of-use (TOCTOU) flaws, which, when exploited together could give an unprivileged user root access on the system. That makes the flaws, collectively known as "Nimbuspwn", quite serious indeed.

A full explanation of the flaws is outside of the scope of this post, but Microsoft has a run-down on the details if you'd like to go over them. The important news for most folks is that older versions of networkd-dispatcher are vulnerable, but the latest version isn't, so get to patching if you run a Linux system based on systemd.
Tags:  Microsoft, Linux, security, cybersecurity, (nasdaq:msft), systemd, nimbuspwn
TOP CONVERSATIONS
You Next Copilot PC Platform
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment