November 21, 2024 at 10:08AM
Qualys researchers revealed five critical vulnerabilities in Ubuntu Server’s needrestart utility that allow unprivileged attackers to gain root access. Though they developed exploit code, they won’t release it due to its alarming nature. Admins are urged to update to version 3.8 or later to mitigate risks.
**Key Takeaways:**
1. **Vulnerabilities Identified:**
– Five critical vulnerabilities in the Ubuntu Server’s needrestart utility allow unprivileged attackers to gain root access.
– The vulnerabilities, disclosed by Saeed Abbasi from Qualys’s Threat Research Unit (TRU), were first introduced in April 2014.
2. **Exploit Details:**
– The vulnerabilities are easily exploitable: they involve manipulating attacker-controlled environment variables that affect the Python/Ruby interpreter, and passing unsanitized data.
– Qualys has developed a working exploit but has chosen not to release it.
3. **Specific Vulnerabilities:**
– **CVE-2024-48990** (CVSSv3: 7.8): Vulnerability due to needrestart extracting the PYTHONPATH environment variable, allowing code execution as root.
– **CVE-2024-48991** (CVSSv3: 7.8): TOCTOU race condition affecting the Python interpreter, potentially allowing arbitrary code execution.
– **CVE-2024-48992** (CVSSv3: 7.8): Similar to CVE-2024-48990, but affecting the Ruby interpreter.
– **CVE-2024-10224** (CVSSv3: 5.3): Vulnerability in Perl’s ScanDeps module, enabling attackers to execute shell commands through crafted filenames.
– **CVE-2024-11003** (CVSSv3: 7.8): Linked to CVE-2024-10224, concerning unsanitized input leading to arbitrary shell command execution.
4. **Impact on Systems:**
– Needrestart has been installed by default since version 0.8, making billions of deployments potentially vulnerable.
– While the vulnerabilities are serious, attackers would require local access to exploit them, mitigating the immediate risk.
5. **Recommendations:**
– Admins should update the needrestart utility to version 3.8 or later to remove these vulnerabilities.
– Alternatively, users can modify needrestart’s configuration to disable the interpreter heuristic as a temporary mitigation.
6. **Enterprise Risks:**
– Unaddressed vulnerabilities may lead to unauthorized access, data breaches, regulatory issues, and damage to the organization’s reputation.
7. **Action Required:**
– Swift action is needed to mitigate risks by updating software or changing configuration settings to protect systems against potential exploitation.
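
To check a host against the two recommendations above (version 3.8 or later, or the interpreter heuristic disabled), the following script is an added example, not code from Qualys or the needrestart project. It assumes a dpkg-based system, the configuration paths `/etc/needrestart/needrestart.conf` and `/etc/needrestart/conf.d/*.conf`, and needrestart's `$nrconf{interpscan}` setting, none of which are named on this page.

```shell
#!/bin/sh
# Added example: audit a host for the two remediations named above.
# Assumed paths: /etc/needrestart/needrestart.conf plus conf.d/*.conf drop-ins.

# Print "disabled", "enabled" or "unset" according to the last uncommented
# $nrconf{interpscan} assignment in the given files (later files win).
interpscan_state() {
    state=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Drop comments first so "#$nrconf{interpscan} = 0;" is not counted.
        v=$(sed -e 's/#.*//' "$f" |
            sed -n 's/^[[:space:]]*\$nrconf{interpscan}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' |
            tail -n 1)
        case "$v" in
            '') ;;                    # no assignment in this file
            0)  state=disabled ;;
            *)  state=enabled ;;
        esac
    done
    echo "$state"
}

# Succeed when version $1 is at least $2 (GNU "sort -V" ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

audit_host() {
    ver=$(dpkg-query -W -f='${Version}' needrestart 2>/dev/null || true)
    up=${ver%%-*}                     # strip the Debian/Ubuntu revision
    if [ -z "$ver" ]; then
        echo "needrestart: not installed (or not a dpkg system)"
    elif version_ge "$up" 3.8; then
        echo "needrestart $ver: upstream version is 3.8 or later"
    else
        # Distro packages may backport fixes under an older upstream number.
        echo "needrestart $ver: below 3.8, check the vendor advisory"
    fi
    set -- /etc/needrestart/needrestart.conf /etc/needrestart/conf.d/*.conf
    echo "interpreter heuristic: $(interpscan_state "$@")"
}

audit_host
```

A result of `unset` or `enabled` means the configuration mitigation is not in place on that host.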