Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root Five local ...

npub1zm7…pnd6

2024-11-21 10:29:54

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. It could allow a local attacker to gain root privileges without requiring user interaction.

The flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and fixed only yesterday, in version 3.8.

Needrestart is a utility commonly used on Linux, including on Ubuntu Server, to identify services that require a restart after package updates, ensuring that those services run the most up-to-date versions of shared libraries.

See more
BleepingComputer: https://www.bleepingcomputer.com/news/security/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root/

Infosecurity magazine:
https://www.infosecurity-magazine.com/news/5-privilege-escalation-flaws/

The Hacker News:
https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html

#cybersecurity #ubuntu

Author Public Key

npub1zm7jduqq2nmxz5wxh4ujtm00g9vxzqa0r82yt7flvm67yje5gfaqa5pnd6

Show more details

Published at

2024-11-21 10:29:54

Kind type

1 Short Text Note

Event JSON

{ "id": "7231ba7375acae2cccecefff422ccdf6ef42877dae72d011717af105bcd3c86e", "pubkey": "16fd26f00054f66151c6bd7925edef41586103af19d445f93f66f5e24b34427a", "created_at": 1732184994, "kind": 1, "tags": [ [ "t", "cybersecurity" ], [ "t", "ubuntu" ], [ "r", "https://www.bleepingcomputer.com/news/security/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root/" ], [ "r", "https://www.infosecurity-magazine.com/news/5-privilege-escalation-flaws/" ], [ "r", "https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html" ] ], "content": "Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root\n\nFive local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. It could allow a local attacker to gain root privileges without requiring user interaction.\n\nThe flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and fixed only yesterday, in version 3.8.\n\nNeedrestart is a utility commonly used on Linux, including on Ubuntu Server, to identify services that require a restart after package updates, ensuring that those services run the most up-to-date versions of shared libraries.\n\nSee more\nBleepingComputer: https://www.bleepingcomputer.com/news/security/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root/\n\nInfosecurity magazine:\nhttps://www.infosecurity-magazine.com/news/5-privilege-escalation-flaws/\n\nThe Hacker News:\nhttps://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html\n\n\n#cybersecurity #ubuntu\n\n", "sig": "23b46847bafaa2934940e7f2f1eed427df4f9e06138585518d69f7a73c80aed615dcde868e5f7911d1eea0758d140405b090795a56a92fb3db92970db7cdc3aa" }