From thehackernews.comMultiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.
The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that users move quickly to apply the fixes. The vulnerabilities are believed to have existed since the introduction of interpreter support in needrestart 0.8, which was released on April 27, 2014.
"These needrestart exploits allow Local Privilege Escalation (LPE) which means that a local attacker is able to gain root privileges," Ubuntu said in an advisory, noting they have been addressed in version 3.8. "The vulnerabilities affect Debian, Ubuntu, and other Linux distributions."
Needrestart is a utility that scans a system to determine the services that need to be restarted after applying shared library updates in a manner that avoids a complete system reboot.
The five flaws are listed below -
CVE-2024-48990 (CVSS score: 7.8) - A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable
CVE-2024-48991 (CVSS score: 7.8) - A vulnerability that allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter
CVE-2024-48992 (CVSS score: 7.8) - A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable
CVE-2024-11003 (CVSS score: 7.8) and CVE-2024-10224 (CVSS score: 5.3) - Two vulnerabilities that allows a local attacker to execute arbitrary shell commands as root by taking advantage of an issue in the libmodule-scandeps-perl package (before version 1.36)
Needrestart Vulnerabilities
Forum rules
Behave
Behave
Needrestart Vulnerabilities
Debian, Ubuntu, and derivatives.
Re: Needrestart Vulnerabilities
I heard about that, I don't have that anywhere (not here on server either, I thought Cpanel might use that as they do something similar when there are updates, but they use their own scripts)