Qualys Discovers Five Critical Privilege Escalation Vulnerabilities in Needrestart

News Desk -

Share

The Qualys Threat Research Unit (TRU) has uncovered five critical Local Privilege Escalation (LPE) vulnerabilities in the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities, discovered in versions of needrestart dating back to April 2014, can be exploited by unprivileged users to gain full root access without any user interaction, posing significant security risks.

The identified vulnerabilities have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, underscoring the urgency of remediation to protect system integrity.

Needrestart, a utility that scans systems for necessary restarts due to outdated shared libraries, is crucial for maintaining the security and efficiency of Ubuntu Server. However, the flaws discovered in the component can be exploited by local attackers to execute arbitrary code as root by manipulating an attacker-controlled environment variable, which influences the Python/Ruby interpreter.

The vulnerabilities in needrestart allow local attackers to escalate privileges and execute arbitrary code during package installations or upgrades, where needrestart often runs as the root user. Exploiting these vulnerabilities could lead to complete root access, compromising system integrity and security.

This exposes enterprises to significant risks, including unauthorized access to sensitive data, malware installation, system disruptions, data breaches, and potential regulatory non-compliance. If left unpatched, this could damage business operations and harm organizational reputation.

To mitigate the risk, enterprises are advised to either update needrestart to the latest version or disable the vulnerable feature. Disabling the interpreter heuristic in needrestart’s configuration file (/etc/needrestart/needrestart.conf) can prevent exploitation:

 # Disable interpreter scanners.

 $nrconf{interpscan} = 0;

By taking immediate action to address this vulnerability, organizations can safeguard their systems and maintain security integrity.