Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package

November 20, 2024 at 04:45AM

Multiple security vulnerabilities have been found in the needrestart package on Ubuntu Server, allowing local attackers to gain root privileges. Identified by Qualys, these flaws are easy to exploit, prompting users to upgrade to the latest version (3.8) or temporarily disable interpreter scanners to mitigate risks.

### Meeting Takeaways – Nov 20, 2024

**Subject:** Security Vulnerabilities in Ubuntu Server’s Needrestart Package

**Key Points:**

1. **Vulnerabilities Identified:**
– Multiple long-standing security vulnerabilities have been found in the *needrestart* package, which has been included by default in Ubuntu Server since version 21.04.
– These vulnerabilities could allow local attackers to gain root privileges without user interaction.

2. **Vulnerability Overview:**
– Discovered by the Qualys Threat Research Unit, these flaws date back to *needrestart* version 0.8 (released April 27, 2014).
– The five vulnerabilities with their respective CVEs are:
  – **CVE-2024-48990** (CVSS score: 7.8) – Arbitrary code execution via manipulated PYTHONPATH.
  – **CVE-2024-48991** (CVSS score: 7.8) – Arbitrary code execution via a race condition with a fake Python interpreter.
  – **CVE-2024-48992** (CVSS score: 7.8) – Arbitrary code execution via manipulated RUBYLIB.
  – **CVE-2024-11003** (CVSS score: 7.8) and **CVE-2024-10224** (CVSS score: 5.3) – Arbitrary shell command execution linked to the libmodule-scandeps-perl package.

3. **Impact and Risk:**
– Successful exploitation could lead to unauthorized root access, threatening system integrity and security, particularly during package installations or upgrades.

4. **Recommendations:**
– It’s crucial for users to apply the latest patches to mitigate these vulnerabilities.
– As a temporary measure, users are advised to disable interpreter scanners in the *needrestart* configuration file but should revert these changes after updates are applied.

5. **Official Statement:**
– Ubuntu has confirmed that these vulnerabilities have been addressed in version 3.8 of the *needrestart* package.
– Users should act promptly to secure their systems.
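The version check from the action items and the temporary mitigation from item 4, as an added shell example; this is not code from the article, from Qualys, or from the needrestart project. It assumes that needrestart reads its Perl-syntax configuration from /etc/needrestart/needrestart.conf and that `$nrconf{interpscan}` is the setting that enables the interpreter scanners (both taken from needrestart's own configuration file, not stated in this article); the threshold 3.8 is the fixed version named above. The helper names (version_ge, needrestart_status, interpscan_setting, disable_interpscan, enable_interpscan, report_host) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article or the needrestart project).
# Assumptions: needrestart's config is /etc/needrestart/needrestart.conf
# (Perl syntax) and $nrconf{interpscan} switches the interpreter scanners.
FIXED_VERSION="3.8"                                 # fixed version named in the article
DEFAULT_CONF="/etc/needrestart/needrestart.conf"    # assumed default config path

# version_ge A B: succeed if upstream version A >= B. Compares dotted numeric
# components only; the Debian revision ("-7ubuntu4.1") is ignored, which is
# a simplification: on a real host, prefer "dpkg --compare-versions".
version_ge() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=$(printf '%s' "${a%%.*}" | tr -cd '0-9'); ai=${ai:-0}
        bi=$(printf '%s' "${b%%.*}" | tr -cd '0-9'); bi=${bi:-0}
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
        case $a in *.*) a=${a#*.};; *) a="";; esac
        case $b in *.*) b=${b#*.};; *) b="";; esac
    done
    return 0
}

# needrestart_status VERSION: "patched" if VERSION >= 3.8, else "needs-mitigation".
needrestart_status() {
    if version_ge "$1" "$FIXED_VERSION"; then echo patched; else echo needs-mitigation; fi
}

# interpscan_setting CONF: print the active interpscan value, or "default"
# when the file only carries the commented-out default (or no line at all).
interpscan_setting() {
    v=$(sed -n 's/^[[:space:]]*\$nrconf{interpscan}[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${v:-default}"
}

# _set_interpscan CONF VALUE: rewrite an existing (possibly commented) line
# in place, otherwise append one. Idempotent, and no "sed -i" so it is portable.
_set_interpscan() {
    conf=$1; val=$2
    [ -f "$conf" ] || : > "$conf"
    if grep -q 'nrconf{interpscan}' "$conf"; then
        sed 's/^#*[[:space:]]*\$nrconf{interpscan}[[:space:]]*=.*/$nrconf{interpscan} = '"$val"';/' \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        printf '%s\n' '$nrconf{interpscan} = '"$val"';' >> "$conf"
    fi
}

# Temporary mitigation from the article: disable the interpreter scanners.
disable_interpscan() { _set_interpscan "${1:-$DEFAULT_CONF}" 0; }

# Revert once the fixed package is installed (1 is needrestart's default).
enable_interpscan()  { _set_interpscan "${1:-$DEFAULT_CONF}" 1; }

# report_host: query dpkg for the installed needrestart version and classify it.
report_host() {
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg-query not available; skipping host check"; return 0; }
    installed=$(dpkg-query -W -f '${Version}' needrestart 2>/dev/null) || { echo "needrestart not installed"; return 0; }
    echo "needrestart $installed: $(needrestart_status "$installed")"
}

report_host
```

Run it as root on the server to print the installed version's status; then `disable_interpscan` until the fixed package is in place, and `enable_interpscan` afterwards so the scanners are restored, as the article advises. The comparison deliberately ignores the Debian revision, so it only answers "is the upstream version at least 3.8"; the distribution's own security tracker remains the authority on which packaged revision carries the fix.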

**Action Items:**
– Encourage all relevant stakeholders to review their current version of the *needrestart* package and apply necessary updates.
– Educate users on the importance of updating software and possible temporary mitigations.
