Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. It could allow a local attacker to gain root privileges without requiring user interaction.
The flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and fixed only yesterday, in version 3.8.
Needrestart is a utility commonly used on Linux, including on Ubuntu Server, to identify services that require a restart after package updates, ensuring that those services run the most up-to-date versions of shared libraries.
See more
BleepingComputer: https://www.bleepingcomputer.com/news/security/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root/
Infosecurity magazine:
https://www.infosecurity-magazine.com/news/5-privilege-escalation-flaws/
The Hacker News:
https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html
#cybersecurity #ubuntu
Oddbean new post about login | logout