- Did you play Pokémon Go? You didn't know it, but you were training AI to map the world
- “AI 압박 늘었지만 13%만이 준비됐다고 생각”··· 시스코, ‘2024 AI 준비지수’ 발표
- ‘속도 비용·난이도 제각각’··· 기업이 LLM을 도입하는 7가지 방법
- I CIO e le spese ambiziose per l’AI nel 2025. E oltre
- Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation | McAfee Blog
Five Privilege Escalation Flaws Found in Ubuntu needrestart
Five Local Privilege Escalation (LPE) vulnerabilities in Ubuntu Server’s needrestart utility have been discovered. These flaws, found by the Qualys Threat Research Unit (TRU), affect versions prior to 3.8, enabling unprivileged users to escalate their privileges to root without requiring user interaction.
Understanding the needrestart Vulnerabilities
The vulnerabilities are tracked as:
- CVE-2024-48990
- CVE-2024-48991
- CVE-2024-48992
- CVE-2024-10224
- CVE-2024-11003
These originate from unsafe handling of attacker-controlled environment variables. These variables influence the Python and Ruby interpreters during needrestart’s execution, allowing arbitrary shell commands to be run as root.
The flaws have been present since version 0.8 of the utility was released in 2014.
needrestart is a critical utility installed by default on Ubuntu Server since version 21.04. It determines whether a system or its services need restarting after updates to shared libraries, ensuring services utilize the latest versions without requiring a full reboot.
Despite its functionality improving uptime and efficiency, its widespread integration makes these vulnerabilities a global concern for enterprises relying on Ubuntu Server.
How to Mitigate the Risk
Updating to needrestart version 3.8 eliminates the vulnerabilities. For immediate risk mitigation, users can disable the interpreter scanning feature by modifying the utility’s configuration file. Specifically, adding the line $nrconf{interpscan} = 0; to the configuration file will deactivate this vulnerable feature.
Addressing these vulnerabilities is critical to prevent unauthorized access to sensitive data, malware installation and operational disruptions. Such incidents could compromise compliance, customer trust and organizational reputation.
The Importance of Proactive Security Measures
More generally, Qualys warned that organizations are encouraged to adopt a proactive approach to vulnerability management by regularly identifying and prioritizing critical vulnerabilities.
Implementing robust patch management processes and monitoring systems for signs of exploitation are key steps in mitigating risks. Enterprises should also consider disabling features that are not immediately necessary to minimize exposure to attacks.
Image credit: Ralf Liebhold / Shutterstock.com
