IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Malware
#
Cybersecurity
#
Ubuntu

Critical needrestart vulnerabilities found in Ubuntu Servers

Today
Author image
By Imee Dequito, Editor

The Qualys Threat Research Unit (TRU) has uncovered five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component used by Ubuntu Servers.

These vulnerabilities, linked to CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, pose significant security threats as they potentially allow any unprivileged user to gain full root access during package installations or upgrades.

Needrestart is a utility automatically executed after APT operations, such as install, upgrade, or remove, in Ubuntu Servers. It is designed to determine whether services require a restart, ensuring they use the latest library versions and maintaining system security and performance without necessitating full system reboots.

The Qualys TRU team warns that these vulnerabilities, present since needrestart version 0.8 released in April 2014, can lead to unauthorised access to sensitive data, malware installations, and disruptions of business operations. Such incidents could result in data breaches, regulatory non-compliance, and decreased trust among customers and stakeholders, impacting corporate reputations.

The security flaws are found in needrestart versions installed by default on Ubuntu Servers from version 21.04, affecting numerous global deployments. The vulnerabilities allow the execution of arbitrary code as root by exploiting an attacker-controlled environment variable, which manipulates the Python/Ruby interpreter.

To mitigate these risks, enterprises are advised to update the needrestart software or disable the vulnerable feature by modifying the configuration file to turn off interpreter scanning. The required changes can be made by setting "$nrconf{interpscan} = 0;" in the /etc/needrestart/needrestart.conf file.

Qualys TRU has developed functional exploits for these vulnerabilities, though it has opted not to disclose them. Despite this, Qualys cautions that the vulnerabilities are easily exploitable, and other researchers might soon publish working exploits following the coordinated disclosure.

The company underscores the urgency of addressing these issues promptly to protect the integrity of systems reliant on needrestart. The availability of a fix is confirmed in needrestart version 3.8, and the update is strongly recommended.

For those seeking further technical details on the vulnerabilities or solutions, more comprehensive information is provided on the Qualys blog and associated technical write-ups.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Accenture expands AI cybersecurity services & workforce
AvePoint introduces AI benchmarking for Microsoft 365 users
GitHub launches AUD $1.91m fund for open source security
Dell partners with Intel to boost AI in telecom sector
KnowBe4 unveils AI-focused HRM+ for human risk management
Top stories
Exclusive: Informatica's Rik Tamm-Daniels discusses push into Generative AI
Netcore Cloud expands collaboration with Google Cloud AI
Surge in financial phishing attacks in Southeast Asia
Tray.ai enhances platform for seamless AI adoption
OpenText launches Cloud Editions 24.4 with AI upgrades