Five Privilege Escalation Flaws Found in Ubuntu needrestart


Five Local Privilege Escalation (LPE) vulnerabilities in Ubuntu Server’s needrestart utility have been discovered. These flaws, found by the Qualys Threat Research Unit (TRU), affect versions prior to 3.8, enabling unprivileged users to escalate their privileges to root without requiring user interaction.

Understanding the needrestart Vulnerabilities

The vulnerabilities are tracked as:

  • CVE-2024-48990
  • CVE-2024-48991
  • CVE-2024-48992
  • CVE-2024-10224
  • CVE-2024-11003

These originate from unsafe handling of attacker-controlled environment variables. These variables influence the Python and Ruby interpreters during needrestart’s execution, allowing arbitrary shell commands to be run as root.

The flaws have been present since version 0.8 of the utility was released in 2014.

needrestart is a critical utility installed by default on Ubuntu Server since version 21.04. It determines whether a system or its services need restarting after updates to shared libraries, ensuring services utilize the latest versions without requiring a full reboot.

Despite its functionality improving uptime and efficiency, its widespread integration makes these vulnerabilities a global concern for enterprises relying on Ubuntu Server.

How to Mitigate the Risk

Updating to needrestart version 3.8 eliminates the vulnerabilities. For immediate risk mitigation, users can disable the interpreter scanning feature by modifying the utility’s configuration file. Specifically, adding the line $nrconf{interpscan} = 0; to the configuration file will deactivate this vulnerable feature.

Learn more about vulnerability management and system hardening practices: Vulnerability Management: Why a Risk-Based Approach is Essential

Addressing these vulnerabilities is critical to prevent unauthorized access to sensitive data, malware installation and operational disruptions. Such incidents could compromise compliance, customer trust and organizational reputation.

The Importance of Proactive Security Measures

More generally, Qualys warned that organizations are encouraged to adopt a proactive approach to vulnerability management by regularly identifying and prioritizing critical vulnerabilities. 

Implementing robust patch management processes and monitoring systems for signs of exploitation are key steps in mitigating risks. Enterprises should also consider disabling features that are not immediately necessary to minimize exposure to attacks.

Image credit: Ralf Liebhold / Shutterstock.com



Source link