These vulnerabilities have been present since the introduction of interpreter support in needrestart version 0.8, released in April 2014.
The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, highlighting the need for immediate remediation to protect system integrity.
“Needrestart is a utility that scans the system to determine whether a restart is necessary for the system or its services. Specifically, it flags services for restart if they’re using outdated shared libraries — such as when a library is replaced during a package update. By promptly updating services with the newest libraries, needrestart is vital for maintaining the security and efficiency of Ubuntu Server,” commented Saeed Abbasi, Product Manager, Vulnerability Research at Qualys TRU.
“By promptly updating services with the newest libraries, needrestart is vital for maintaining the security and efficiency of Ubuntu Server.” Saeed Abbasi, Product Manager, Vulnerability Research at Qualys TRU.
“The vulnerabilities are present in the needrestart component, installed by default on Ubuntu Server since version 21.04, impacting a substantial number of deployments globally. In versions prior to 3.8, the component allows local attackers to execute arbitrary code as root. This exploit is achieved by manipulating an attacker-controlled environment variable that influences the Python/Ruby interpreter, passing unsanitized data to a library that expects safe input, thereby enabling the execution of arbitrary shell commands,” added Abbasi.
Potential Impact
These vulnerabilities in the needrestart utility allow local users to escalate their privileges by executing arbitrary code during package installations or upgrades, where needrestart is often run as the root user.
An attacker exploiting these vulnerabilities could gain root access, compromising system integrity and security.
This poses considerable risks for enterprises, including unauthorized access to sensitive data, malware installation, and disruption of business operations. It could lead to data breaches, regulatory non-compliance, and erosion of trust among customers and stakeholders, ultimately affecting the organization’s reputation. Enterprises should swiftly mitigate this risk by updating the software or disabling the vulnerable feature.
