Many years-Outdated Safety Vulnerabilities Present in Ubuntu’s Needrestart Package deal
[ad_1]
A number of decade-old safety vulnerabilities have been disclosed within the needrestart bundle put in by default in Ubuntu Server (since model 21.04) that might enable a neighborhood attacker to realize root privileges with out requiring person interplay.
The Qualys Menace Analysis Unit (TRU), which identified and reported the issues early final month, stated they’re trivial to use, necessitating that customers transfer rapidly to use the fixes. The vulnerabilities are believed to have existed for the reason that introduction of interpreter assist in needrestart 0.8, which was launched on April 27, 2014.
“These needrestart exploits enable Native Privilege Escalation (LPE) which signifies that a neighborhood attacker is ready to achieve root privileges,” Ubuntu said in an advisory, noting they’ve been addressed in model 3.8.
Needrestart is a utility that scans a system to find out the providers that must be restarted after making use of shared library updates in a way that avoids an entire system reboot.
The 5 flaws are listed beneath –
- CVE-2024-48990 (CVSS rating: 7.8) – A vulnerability that permits native attackers to execute arbitrary code as root by tricking needrestart into working the Python interpreter with an attacker-controlled PYTHONPATH atmosphere variable
- CVE-2024-48991 (CVSS rating: 7.8) – A vulnerability that permits native attackers to execute arbitrary code as root by successful a race situation and tricking needrestart into working their very own, faux Python interpreter
- CVE-2024-48992 (CVSS rating: 7.8) – A vulnerability that permits native attackers to execute arbitrary code as root by tricking needrestart into working the Ruby interpreter with an attacker-controlled RUBYLIB atmosphere variable
- CVE-2024-11003 (CVSS rating: 7.8) and CVE-2024-10224 (CVSS rating: 5.3) – Two vulnerabilities that permits a neighborhood attacker to execute arbitrary shell instructions as root by profiting from a problem within the libmodule-scandeps-perl bundle (earlier than model 1.36)
Profitable exploitation of the aforementioned shortcomings might enable a neighborhood attacker to set specifically crafted atmosphere variables for PYTHONPATH or RUBYLIB that might end result within the execution of arbitrary code pointing to the risk actor’s atmosphere when needrestart is run.
“In CVE-2024-10224, […] attacker-controlled enter might trigger the Module::ScanDeps Perl module to run arbitrary shell instructions by open()ing a ‘pesky pipe’ (equivalent to by passing ‘instructions|’ as a filename) or by passing arbitrary strings to eval(),” Ubuntu famous.
“By itself, this isn’t sufficient for native privilege escalation. Nonetheless, in CVE-2024-11003 needrestart passes attacker-controlled enter (filenames) to Module::ScanDeps and triggers CVE-2024-10224 with root privilege. The repair for CVE-2024-11003 removes needrestart’s dependency on Module::ScanDeps.”
Whereas it is extremely suggested to obtain the most recent patches, Ubuntu stated customers can disable interpreter scanners in needrestart the configuration file as a brief mitigation and be sure that the modifications are reverted after the updates are utilized.
“These vulnerabilities within the needrestart utility enable native customers to escalate their privileges by executing arbitrary code throughout bundle installations or upgrades, the place needrestart is usually run as the foundation person,” Saeed Abbasi, product supervisor of TRU at Qualys, stated.
“An attacker exploiting these vulnerabilities might achieve root entry, compromising system integrity and safety.”
[ad_2]
Source link