- I CIO e le spese ambiziose per l’AI nel 2025. E oltre
- Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation | McAfee Blog
- HPE, 美 로렌스 리버모어 국립연구소에 DLC 엑사스케일 슈퍼컴퓨터 '엘 캐피탄' 구축
- Threads lets you create your own custom feeds now, just like Bluesky - here's how
- 미 법무부, 구글에 크롬 매각 압박…구글 아성 무너질까
Five Privilege Escalation Flaws Found in Ubuntu needrestart
Five Local Privilege Escalation (LPE) vulnerabilities in Ubuntu Server’s needrestart utility have been discovered. These flaws, found by the Qualys Threat Research Unit (TRU), affect versions prior to 3.8, enabling unprivileged users to escalate their privileges to root without requiring user interaction.
Understanding the needrestart Vulnerabilities
The vulnerabilities are tracked as:
- CVE-2024-48990
- CVE-2024-48991
- CVE-2024-48992
- CVE-2024-10224
- CVE-2024-11003
These originate from unsafe handling of attacker-controlled environment variables. These variables influence the Python and Ruby interpreters during needrestart’s execution, allowing arbitrary shell commands to be run as root.
The flaws have been present since version 0.8 of the utility was released in 2014.
needrestart is a critical utility installed by default on Ubuntu Server since version 21.04. It determines whether a system or its services need restarting after updates to shared libraries, ensuring services utilize the latest versions without requiring a full reboot.
Despite its functionality improving uptime and efficiency, its widespread integration makes these vulnerabilities a global concern for enterprises relying on Ubuntu Server.
How to Mitigate the Risk
Updating to needrestart version 3.8 eliminates the vulnerabilities. For immediate risk mitigation, users can disable the interpreter scanning feature by modifying the utility’s configuration file. Specifically, adding the line $nrconf{interpscan} = 0; to the configuration file will deactivate this vulnerable feature.
Addressing these vulnerabilities is critical to prevent unauthorized access to sensitive data, malware installation and operational disruptions. Such incidents could compromise compliance, customer trust and organizational reputation.
The Importance of Proactive Security Measures
More generally, Qualys warned that organizations are encouraged to adopt a proactive approach to vulnerability management by regularly identifying and prioritizing critical vulnerabilities.
Implementing robust patch management processes and monitoring systems for signs of exploitation are key steps in mitigating risks. Enterprises should also consider disabling features that are not immediately necessary to minimize exposure to attacks.
Image credit: Ralf Liebhold / Shutterstock.com
