Ubuntu Linux impacted by decade-old ‘needrestart’ flaw that gives root

November 20, 2024 at 02:11PM

Five local privilege escalation vulnerabilities in Ubuntu’s needrestart utility were discovered by Qualys, tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. All were fixed in version 3.8. Attackers with local access could exploit these flaws to gain root privileges.

### Meeting Takeaways:

1. **Vulnerability Overview**: Five local privilege escalation (LPE) …

Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package

November 20, 2024 at 04:45AM

Multiple security vulnerabilities have been found in the needrestart package on Ubuntu Server, allowing local attackers to gain root privileges. Identified by Qualys, these flaws are easy to exploit, prompting users to upgrade to the latest version (3.8) or temporarily disable interpreter scanners to mitigate risks.

### Meeting Takeaways – …

Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found

July 15, 2024 at 07:24AM

OpenSSH recently faced a second remote code execution vulnerability, named regreSSHion. Discovered by Qualys and Openwall founder Alexander Peslyak, the bug impacts OpenSSH servers and a race condition in the ‘privsep’ child process. Another flaw, tracked as CVE-2024-6409, was also found, with impacted Linux distributions releasing advisories and patches. Windows …

Nasty regreSSHion bug in OpenSSH puts around 700K Linux boxes at risk

July 1, 2024 at 10:08AM

Glibc-based Linux systems should upgrade OpenSSH’s server due to a new bug (CVE-2024-6387) revealed by Qualys researchers. They discovered a race condition vulnerability that could lead to remote code execution, affecting potentially hundreds of thousands of instances. Systems running on OpenBSD are exempt, and Qualys recommends specific patches and network-based …

New regreSSHion OpenSSH RCE bug gives root on Linux servers

July 1, 2024 at 09:39AM

A new OpenSSH vulnerability, known as “regreSSHion,” allows unauthenticated remote attackers to gain root privileges on glibc-based Linux systems. If exploited, it could lead to severe consequences such as system takeover and data manipulation. The vulnerability affects OpenSSH servers on Linux from version 8.5p1 up to version 9.8p1 and can …