PR3MIUM
Senior Member
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by default in Ubuntu Linux since version 21.04, which were introduced over 10 years ago.
The flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and fixed only yesterday, in version 3.8.
However, attackers exploited similar Linux elevation of privilege vulnerabilities in the past to gain root, including the Loony Tunables and one exploiting a nf_tables bug, so this new flaw should not be dismissed just because it requires local access.
Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited.
# Disable interpreter scanners.
$nrconf{interpscan} = 0;
This should stop needrestart from executing interpreters with potentially attacker-controlled environment variables.
Source:
www.bleepingcomputer.com
The flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and fixed only yesterday, in version 3.8.
However, attackers exploited similar Linux elevation of privilege vulnerabilities in the past to gain root, including the Loony Tunables and one exploiting a nf_tables bug, so this new flaw should not be dismissed just because it requires local access.
Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited.
# Disable interpreter scanners.
$nrconf{interpscan} = 0;
This should stop needrestart from executing interpreters with potentially attacker-controlled environment variables.
Source:
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.
