Five local privilege escalation (LPE) vulnerabilities, present in Ubuntu’s needrestart utility since 2014, were discovered by Qualys and recently patched in version 3.8. The flaws, tracked as CVE-2024-48990 through CVE-2024-11003, allow attackers with local access to escalate their privileges to root by exploiting weaknesses in how the tool handles interpreter environment variables and file processing.
Needrestart, included in Ubuntu since version 21.04, identifies services requiring a restart after updates. The vulnerabilities stem from its handling of Python, Ruby, and Perl interpreters, allowing malicious code execution via manipulated environment variables or crafted filenames.
While these flaws require local access, similar vulnerabilities have been exploited in the past to gain root access on Linux systems. To mitigate the risk, users are advised to upgrade to version 3.8 or later and disable the interpreter scanning feature in the needrestart.conf file to prevent further exploitation.
The discovery underscores the risks of long-standing vulnerabilities in widely used Linux tools, particularly on critical systems.
Read more...