The latest batch of vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights -- the latest elevation of privileges flaw to come to light in the open source OS.
One flaw has been dubbed Nimbuspwn, by Microsoft covers two vulnerabilities that reside in the networkd-dispatcher, a component in many Linux distributions that dispatch network status changes and can run various scripts to respond to a new status.
It means that when a machine boots, networkd-dispatcher runs as root and a hacker with minimal access to a vulnerable desktop can chain together exploits for these vulnerabilities that give full root access.
The proof-of-concept exploit works only when it can use the "org.freedesktop.network1" bus name.
But Vole found several environments where this happens, including Linux Mint, in which the systemd-networkd by default doesn't own the org.freedodesktop.network1 bus name at boot.
Microsoft found several processes that run as the systemd-network user, which is permitted to use the bus name required to run arbitrary code from world-writable locations. The vulnerable processes include several gpgv plugins, which are launched when apt-get installs or upgrades, and the Erlang Port Mapper Daemon, which allows running arbitrary code under some scenarios.
The vulnerability has been patched.