Slashdot: Ubuntu Linux Impacted By Decade-Old ‘needrestart’ Flaw That Gives Root

Source URL: https://it.slashdot.org/story/24/11/21/0057206/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Ubuntu Linux Impacted By Decade-Old ‘needrestart’ Flaw That Gives Root

Feedly Summary:

AI Summary and Description: Yes

Summary: The text details five local privilege escalation vulnerabilities found in the Linux utility “needrestart,” crucial for professionals in security and compliance to recognize, as they highlight significant risks associated with resource management on Ubuntu systems. Each vulnerability allows an attacker with local access to escalate privileges, thereby emphasizing the necessity for timely upgrades and configurations to mitigate these threats.

Detailed Description:
The vulnerabilities identified in needrestart, version 0.8, underscore critical security weaknesses that could be exploited by local attackers on Ubuntu systems. Understanding these vulnerabilities is essential for security professionals managing system integrity and compliance within their infrastructure.

– **Vulnerability Overview**:
– **CVE-2024-48990**: Utilizes a manipulated PYTHONPATH to execute arbitrary code as root via malicious shared libraries during Python initialization.
– **CVE-2024-48992**: Exposes the Ruby interpreter to local attacks through a manipulated RUBYLIB variable, allowing execution of arbitrary Ruby code as root.
– **CVE-2024-48991**: A race condition permits the replacement of the Python interpreter binary with a malicious executable, tricking needrestart into executing unwanted code.
– **CVE-2024-10224**: Mismanagement in Perl’s ScanDeps module can lead to arbitrary command execution through crafted filenames, enabling attacks when files are processed.
– **CVE-2024-11003**: The vulnerabilities linked with the use of eval() in the ScanDeps module could facilitate arbitrary code execution from attacker-controlled input.

– **Recommended Actions**:
– **Upgrade to Version 3.8 or Later**: Installing the patched version is essential for eliminating all identified vulnerabilities.
– **Configuration Change**: Adjusting the needrestart.conf file to disable the interpreter scanning feature can further help prevent possible exploitation until updates are applied.

The disclosure by Qualys and subsequent reporting by BleepingComputer serves as an important reminder for IT and cybersecurity professionals to remain vigilant about local privilege escalation vulnerabilities in utilities that manage system services. This situation emphasizes the importance of proactive security measures and adhering to best practices in software security, particularly with widely-used tools in the Linux ecosystem.