10-Year Old Flaws In Ubuntu Server needrestart Package Let Attackers Gain Root Access


The cybersecurity community is on high alert following the discovery of five critical Local Privilege Escalation (LPE) vulnerabilities in the needrestart component, a default package in Ubuntu Server.

These flaws, present for nearly a decade, potentially allow any unprivileged user to obtain full root access without user interaction, posing a significant threat to system security.


The Qualys Threat Research Unit (TRU) identified these vulnerabilities and tracked them as:

  • CVE-2024-48990
  • CVE-2024-48991
  • CVE-2024-48992
  • CVE-2024-10224
  • CVE-2024-11003

Total detection (Source – Qualys)

The flaws have existed since the introduction of interpreter support in needrestart version 0.8, released in April 2014, affecting all versions prior to 3.8.

Needrestart, a utility that scans systems to determine if restarts are necessary after updates, is automatically executed following APT operations.

Security experts at Qualys observed that the vulnerabilities allow local attackers to execute arbitrary code as root by manipulating environment variables that influence Python/Ruby interpreters, passing unsanitized data to libraries expecting safe input.


Technical Analysis

The vulnerabilities impact Ubuntu Server installations since version 21.04, potentially affecting a vast number of deployments worldwide. Organizations running these versions are at risk of unauthorized access, data breaches, and system compromises.

To address these vulnerabilities, system administrators are advised to:

  1. Update needrestart to version 3.8 or later.
  2. Alternatively, disable the interpreter heuristic in needrestart’s configuration file (/etc/needrestart/needrestart.conf) by setting:

     $nrconf{interpscan} = 0;
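The two mitigations above are easy to verify from a shell. The script below is an added example written for this article, not code from Qualys or the needrestart project. It checks whether a needrestart.conf file disables the interpreter heuristic and whether an installed version string is at or past the fixed release 3.8; the configuration files it reads are constructed samples created in a temporary directory, and the `audit_system` helper assumes a Debian/Ubuntu host where `dpkg-query` is available.

```shell
#!/bin/sh
# Added example (not from the article or the needrestart project): audit
# helpers for the two recommended mitigations.

# Return 0 if the given needrestart.conf has an uncommented line
# setting $nrconf{interpscan} = 0; (heuristic disabled), else 1.
interpscan_disabled() {
    conf="$1"
    grep -Eq '^[[:space:]]*[$]nrconf[{]interpscan[}][[:space:]]*=[[:space:]]*0[[:space:]]*;' "$conf"
}

# Return 0 if a version string sorts at or after the fixed release 3.8
# (GNU sort -V handles Debian-style suffixes such as 3.8-1ubuntu0.1), else 1.
version_fixed() {
    v="$1"
    [ "$(printf '%s\n%s\n' "3.8" "$v" | sort -V | head -n1)" = "3.8" ]
}

# Audit a live host: assumes dpkg-query (Debian/Ubuntu) and the default
# config path named in the article. Prints one status line per check.
audit_system() {
    installed="$(dpkg-query -W -f='${Version}' needrestart 2>/dev/null || true)"
    if [ -z "$installed" ]; then
        echo "needrestart: not installed"
    elif version_fixed "$installed"; then
        echo "needrestart $installed: patched (>= 3.8)"
    else
        echo "needrestart $installed: VULNERABLE, upgrade to 3.8 or later"
    fi
    conf=/etc/needrestart/needrestart.conf
    if [ -r "$conf" ] && interpscan_disabled "$conf"; then
        echo "interpreter heuristic: disabled in $conf"
    else
        echo "interpreter heuristic: enabled (default)"
    fi
}

# Constructed sample configs used to demonstrate interpscan_disabled.
tmpdir="$(mktemp -d)"
cat > "$tmpdir/default.conf" <<'EOF'
# constructed sample: shipped default, heuristic left on
$nrconf{interpscan} = 1;
EOF
cat > "$tmpdir/mitigated.conf" <<'EOF'
# constructed sample: mitigation from the article applied
$nrconf{interpscan} = 0;
EOF

for f in default.conf mitigated.conf; do
    if interpscan_disabled "$tmpdir/$f"; then
        echo "$f: interpreter heuristic disabled"
    else
        echo "$f: interpreter heuristic enabled"
    fi
done
```

Run `audit_system` on a host to get both checks at once; the constructed files only exercise the config parser and can be deleted afterwards.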

The cybersecurity industry is responding swiftly to these revelations. Qualys has announced the release of QIDs for vulnerability detection and is offering mitigation solutions through its TruRisk Eliminate platform.

Other security firms are expected to follow suit with updates to their vulnerability scanners and management tools. This discovery underscores the importance of regular security audits and prompt patching, even for long-standing system components.

As the situation develops, system administrators and security professionals are urged to stay vigilant, apply necessary patches, and monitor for any signs of exploitation.

