Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.
The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that users move quickly to apply the fixes. The vulnerabilities are believed to have existed since the introduction of interpreter support in needrestart 0.8, which was released on April 27, 2014.
“These needrestart exploits allow Local Privilege Escalation (LPE) which means that a local attacker is able to gain root privileges,” Ubuntu said in an advisory, noting they have been addressed in version 3.8. “The vulnerabilities affect Debian, Ubuntu, and other Linux distributions.”
Needrestart is a utility that scans a system to determine the services that need to be restarted after applying shared library updates in a manner that avoids a complete system reboot.
The five flaws are listed below –
- CVE-2024-48990 (CVSS score: 7.8) – A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable
- CVE-2024-48991 (CVSS score: 7.8) – A vulnerability that allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter
- CVE-2024-48992 (CVSS score: 7.8) – A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable
- CVE-2024-11003 (CVSS score: 7.8) and CVE-2024-10224 (CVSS score: 5.3) – Two vulnerabilities that allow a local attacker to execute arbitrary shell commands as root by taking advantage of an issue in the libmodule-scandeps-perl package (before version 1.36)
Successful exploitation of the aforementioned shortcomings could allow a local attacker to set specially crafted environment variables for PYTHONPATH or RUBYLIB that could result in the execution of arbitrary code pointing to the threat actor’s environment when needrestart is run.
“In CVE-2024-10224, […] attacker-controlled input could cause the Module::ScanDeps Perl module to run arbitrary shell commands by open()ing a ‘pesky pipe’ (such as by passing ‘commands|’ as a filename) or by passing arbitrary strings to eval(),” Ubuntu noted.
“On its own, this is not enough for local privilege escalation. However, in CVE-2024-11003 needrestart passes attacker-controlled input (filenames) to Module::ScanDeps and triggers CVE-2024-10224 with root privilege. The fix for CVE-2024-11003 removes needrestart’s dependency on Module::ScanDeps.”
While it is highly advised to download the latest patches, Ubuntu said users can disable interpreter scanners in the needrestart configuration file as a temporary mitigation and ensure that the changes are reverted after the updates are applied.
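The check below is an added example, not code from Ubuntu, Qualys or the needrestart project: it reports whether the temporary mitigation is in effect, so the same script can confirm both that the scanners were disabled and, after patching, that the change was reverted. It assumes the setting is `$nrconf{interpscan}` and that the configuration lives in `/etc/needrestart/needrestart.conf` with optional snippets in `/etc/needrestart/conf.d/*.conf`; neither name appears in the article.

```python
import re
import sys
from pathlib import Path

# Assumed setting name and paths (not given in the article): needrestart's
# Perl config uses $nrconf{interpscan}; Debian/Ubuntu keep it in /etc/needrestart.
CONF_ROOT = Path("/etc/needrestart")
ASSIGN = re.compile(
    r"""^\s*\$nrconf\{\s*['"]?interpscan['"]?\s*\}\s*=\s*([^;]*?)\s*;""")
PERL_FALSE = {"0", "", "undef"}


def interpscan_enabled(conf_texts, default=True):
    """Return True if interpreter scanning ends up enabled.

    conf_texts: config file contents in load order. The last active
    (uncommented) assignment wins; with none, the default (enabled) applies.
    Line-based heuristic: Perl conditionals around the assignment are ignored.
    """
    enabled = default
    for text in conf_texts:
        for line in text.splitlines():
            match = ASSIGN.match(line)
            if match:
                enabled = match.group(1).strip("'\"") not in PERL_FALSE
    return enabled


def load_conf_texts(root=CONF_ROOT):
    """Read needrestart.conf, then conf.d/*.conf in sorted order."""
    files = [root / "needrestart.conf"]
    files += sorted((root / "conf.d").glob("*.conf"))
    return [f.read_text(errors="replace") for f in files if f.is_file()]


# Constructed samples: setting commented out vs. mitigation applied.
SAMPLE_UNMITIGATED = "# Disable interpreter scanners.\n#$nrconf{interpscan} = 0;\n"
SAMPLE_MITIGATED = "# Disable interpreter scanners.\n$nrconf{interpscan} = 0;\n"

if __name__ == "__main__":
    state = interpscan_enabled(load_conf_texts())
    print("interpreter scanning:",
          "ENABLED" if state else "disabled (mitigation active)")
    sys.exit(1 if state else 0)
```

Exit status 0 means the scanners are disabled. A later snippet in `conf.d` that re-enables scanning overrides the main file, which is why the files are evaluated in load order.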
“These vulnerabilities in the needrestart utility allow local users to escalate their privileges by executing arbitrary code during package installations or upgrades, where needrestart is often run as the root user,” Saeed Abbasi, product manager of TRU at Qualys, said.
“An attacker exploiting these vulnerabilities could gain root access, compromising system integrity and security.”