SB2022050435 - Ubuntu update for networkd-dispatcher

Security Bulletin ID SB2022050435

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2022-29799)

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in OperationalState or the AdministrativeState. Since the states are used to build the script path, it is possible that a state would contain directory traversal patterns (e.g. “../../”) to escape from the “/etc/networkd-dispatcher” base directory. A local user can abuse this vulnerability to bypass implemented security restrictions.

2) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2022-29800)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition between the scripts being discovered and them being run. An local user can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root to ones that are not. Along with vulnerability #VU62689 (CVE-2022-29799) this allows privilege escalation by overwriting arbitrary files on the system.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-5395-2