Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Security vulnerabilities have been discovered in Ubuntu’s Needrestart package for decades
Global Security

Security vulnerabilities have been discovered in Ubuntu’s Needrestart package for decades

AdminBy AdminNovember 20, 2024No Comments3 Mins Read
Ubuntu Vulnerabilities
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


November 20, 2024Ravi LakshmananLinux / Vulnerability

Ubuntu Vulnerabilities

The needrestart package installed by default in Ubuntu Server (starting with version 21.04) discovered a number of ten-year-old security vulnerabilities that could allow a local attacker to gain root privileges without the need for user interaction.

Qualys Threat Research Unit (TRU) which detected and reported flaws early last month, said they are trivial to use, requiring users to move quickly to apply fixes. The vulnerabilities are believed to have existed since the introduction of translator support in the need to restart 0.8which was released on April 27, 2014.

“These needrestart exploits allow local privilege elevation (LPE), which means a local attacker can gain root privileges”, Ubuntu said in the guidance, noting that they were addressed in version 3.8.

Needrestart is a utility that scans the system to identify services that need to be restarted after applying shared library updates in a way that avoids a complete system restart.

Cyber ​​security

The five disadvantages are listed below –

  • CVE-2024-48990 (CVSS Score: 7.8) – Vulnerability that allows local attackers to execute arbitrary code as root by causing needrestart to launch the Python interpreter with an attacker-controlled PYTHONPATH environment variable
  • CVE-2024-48991 (CVSS Score: 7.8) – Vulnerability that allows local attackers to execute arbitrary code as root, winning a race and causing needrestart to run their own fake Python interpreter
  • CVE-2024-48992 (CVSS Score: 7.8) – Vulnerability that allows local attackers to execute arbitrary code as root by causing needrestart to launch the Ruby interpreter with an attacker-controlled RUBYLIB environment variable
  • CVE-2024-11003 (CVSS score: 7.8) and CVE-2024-10224 (CVSS Score: 5.3) – Two vulnerabilities that could allow a local attacker to execute arbitrary shell commands as root by taking advantage of an issue in the libmodule-scandeps-perl package (before version 1.36)

Successful exploitation of the above flaws could allow a local attacker to set specially crafted environment variables to PYTHONPATH or RUBYLIB, which could lead to the execution of arbitrary code pointing to the threat actor’s environment when needrestart is invoked.

“In CVE-2024-10224 (…), an attacker-controlled input could cause the Module::ScanDeps Perl module to run arbitrary shell commands by opening a “nuisance channel” (for example, passing “commands|” as a filename ) or by passing arbitrary strings to eval(),” Ubuntu noted.

Cyber ​​security

“This alone is not enough for local privilege enhancement. However, in CVE-2024-11003, needrestart passes attacker-controlled input (filenames) to Module::ScanDeps and runs CVE-2024-10224 with root privileges. The fix for CVE-2024-11003 removes the needrestart dependency on Module::ScanDeps.”

While downloading the latest patches is highly recommended, Ubuntu advises that users can disable interpreter scanners if they need to restart the configuration file as a temporary mitigation and ensure that changes are reversed after applying updates.

“These vulnerabilities in the needrestart utility allow local users to elevate their privileges by executing arbitrary code during the installation or update of packages, where needrestart is often run as the root user,” said Saeed Abbasi, TRU product manager at Qualys.

“An attacker exploiting these vulnerabilities could gain root access, compromising system integrity and security.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

June 3, 2025

Understanding the scammers and how to defend their organization

June 3, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.