Ubuntu Linux impacted by decade-old ‘needrestart’ flaw that gives root

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

November 20, 2024 at 02:11PM

Five local privilege escalation vulnerabilities in Ubuntu’s needrestart utility were discovered by Qualys, tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. All were fixed in version 3.8. Attackers with local access could exploit these flaws to gain root privileges.

### Meeting Takeaways:

1. **Vulnerability Overview**: Five local privilege escalation (LPE) vulnerabilities have been identified in the needrestart utility used by Ubuntu Linux, tracked as:
– CVE-2024-48990
– CVE-2024-48991
– CVE-2024-48992
– CVE-2024-10224
– CVE-2024-11003

2. **Introduction and Patch Timeline**:
– Vulnerabilities were introduced in needrestart version 0.8 (April 2014) and have been fixed in version 3.8 (released yesterday).

3. **Function of needrestart**:
– needrestart is utilized to identify services that need restarting after package updates to ensure they are running the latest shared libraries.

4. **Vulnerability Details**:
– **CVE-2024-48990**: Exploiting the PYTHONPATH can allow arbitrary code execution as root.
– **CVE-2024-48992**: Malicious RUBYLIB can lead to arbitrary Ruby code execution as root.
– **CVE-2024-48991**: A race condition allows replacing the Python interpreter binary, enabling root code execution.
– **CVE-2024-10224**: Improper handling of filename inputs can lead to arbitrary command execution as root.
– **CVE-2024-11003**: Vulnerabilities in Perl’s ScanDeps module can lead to arbitrary code execution.

5. **Access Requirements**: To exploit these vulnerabilities, attackers must have local access to the system, which mitigates the risk somewhat, but past exploits demonstrate the potential severity.

6. **Recommendation**:
– Upgrade to needrestart version 3.8 or later.
– Modify the `needrestart.conf` file to disable interpreter scanning:
“`plaintext
$nrconf{interpscan} = 0;
“`
– This change will prevent the execution of interpreters with potentially attacker-controlled environment variables.

7. **Conclusion**: Given the utility’s widespread use and long-standing vulnerabilities, addressing these flaws is critical to securing systems against privilege escalation attempts.

Full Article