SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Critical needrestart vulnerabilities found in Ubuntu Servers

Wed, 20th Nov 2024

The Qualys Threat Research Unit (TRU) has uncovered five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component used by Ubuntu Servers.

These vulnerabilities, linked to CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, pose significant security threats as they potentially allow any unprivileged user to gain full root access during package installations or upgrades.

Needrestart is a utility automatically executed after APT operations, such as install, upgrade, or remove, in Ubuntu Servers. It is designed to determine whether services require a restart, ensuring they use the latest library versions and maintaining system security and performance without necessitating full system reboots.

The Qualys TRU team warns that these vulnerabilities, present since needrestart version 0.8 released in April 2014, can lead to unauthorised access to sensitive data, malware installations, and disruptions of business operations. Such incidents could result in data breaches, regulatory non-compliance, and decreased trust among customers and stakeholders, impacting corporate reputations.

The security flaws are found in needrestart versions installed by default on Ubuntu Servers from version 21.04, affecting numerous global deployments. The vulnerabilities allow the execution of arbitrary code as root by exploiting an attacker-controlled environment variable, which manipulates the Python/Ruby interpreter.

To mitigate these risks, enterprises are advised to update the needrestart software or disable the vulnerable feature by modifying the configuration file to turn off interpreter scanning. The required changes can be made by setting "$nrconf{interpscan} = 0;" in the /etc/needrestart/needrestart.conf file.

Qualys TRU has developed functional exploits for these vulnerabilities, though it has opted not to disclose them. Despite this, Qualys cautions that the vulnerabilities are easily exploitable, and other researchers might soon publish working exploits following the coordinated disclosure.

The company underscores the urgency of addressing these issues promptly to protect the integrity of systems reliant on needrestart. The availability of a fix is confirmed in needrestart version 3.8, and the update is strongly recommended.

For those seeking further technical details on the vulnerabilities or solutions, more comprehensive information is provided on the Qualys blog and associated technical write-ups.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X