Ubuntu 22.04 Networking Backdoor
There appears to be a backdoor in some networking package that allows changing the networking settings, most probably the DNS settings, of an Ubuntu computer via a malicious device connected to the same LAN, without establishing an SSH connection.
I cannot identify the package that contains this backdoor; however, this issue has occurred after a network failure which has also affected the router, which was running OpenWrt.
Although the network is disconnected from the internet for security reasons after this incident, the Ubuntu machine is somehow tricked into showing the network as being online. This change in behavior has occurred after the malicious network incident, without installing any packages or updates whatsoever on this computer, not even in the previous couple of months. This computer was only connected to the network *after* the malicious network incident had occurred.
I totally exclude the possibility of another cause, as nobody had physical access to this computer, the disk is encrypted and the Ubuntu user password is very strong.
I assume this is an intentional vulnerability which is hidden in some package and known to very few.