- Security researchers find multiple flaws in a utility introduced a decade ago
- The flaws allow a local attacker to escalate privileges to root and run arbitrary code
- A patch is available, and users are urged to apply it
Ubuntu Linux has been carrying multiple high-severity vulnerabilities for a decade, letting a local attacker escalate privileges to root without user interaction, experts have warned.
Researchers at Qualys found the bugs in needrestart, a utility that checks which services need to be restarted after an update or a change to the system's libraries or binaries.
It is particularly useful after applying security updates or upgrading packages, as it ensures the updated code is actually loaded by running services without requiring a full system reboot.
Exploitable vulnerabilities
Needrestart identifies services still using outdated libraries, prompts the administrator to restart them, and recommends a full reboot when necessary (for example, after a kernel update). As a result, it helps keep a system patched and stable without frequent reboots.
It was introduced in 2014 and is maintained as a Debian package; it has been installed by default on Ubuntu Server since version 21.04. The flaws have been present since needrestart 0.8, released in 2014. The five vulnerabilities are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. Needrestart 3.8, released earlier this week, is the first version that fixes them.
More details about the vulnerabilities are available from Qualys, but in short, they allow an attacker to execute arbitrary code as root on vulnerable systems. The only prerequisite is local access, whether through malware already running on the machine or a compromised unprivileged account.
While the local-access requirement limits exposure, BleepingComputer notes that attackers have exploited similar Linux privilege-escalation flaws in the past.
Notable examples include Looney Tunables (CVE-2023-4911), a flaw in the glibc dynamic loader, and a separate nf_tables bug in the Linux kernel. Needrestart is widely deployed, and attackers will most likely now try to exploit it. Therefore, it is essential that users upgrade to version 3.8 or later, or to their distribution's patched package, as soon as possible.
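To act on the advice above across a fleet, an administrator needs to classify installed needrestart versions against the 3.8 cut-off. The following POSIX shell snippet is an added example, not code from the article, from Qualys, or from the needrestart project. It parses Debian-style version strings (`[epoch:]upstream[-revision]`), compares the upstream part numerically, and reports `fixed` (3.8 or later), `vulnerable` (0.8 up to 3.7.x, the range named above), `unaffected` (older than 0.8), or `unknown` (unparseable or pre-release strings). The sample version strings at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a needrestart package version against the 3.8 fix.
# Version strings follow the Debian format [epoch:]upstream[-revision],
# e.g. "3.6-7ubuntu4.3" or "1:3.8-1". Only the upstream part is compared.

# upstream_version VERSION -> prints the upstream part ("1:3.6-7ubuntu4.3" -> "3.6")
upstream_version() {
  v=$1
  v=${v%%-*}   # drop the Debian revision (no-op when there is no '-')
  v=${v#*:}    # drop the epoch (no-op when there is no ':')
  printf '%s\n' "$v"
}

# version_ge A B -> true (0) when dotted numeric version A >= B.
# Missing components count as 0, so 3.8 == 3.8.0 and 3.8.1 > 3.8.
# Both arguments must already be digits and dots only.
version_ge() {
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    [ -z "$ai" ] && ai=0
    [ -z "$bi" ] && bi=0
    [ "$ai" -gt "$bi" ] && return 0
    [ "$ai" -lt "$bi" ] && return 1
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  return 0
}

# needrestart_status VERSION -> prints fixed | vulnerable | unaffected | unknown
needrestart_status() {
  up=$(upstream_version "$1")
  case $up in
    # Empty, or containing anything but digits and dots (e.g. "3.8~rc1"):
    # refuse to guess rather than report a pre-release as fixed.
    ''|*[!0-9.]*) printf 'unknown\n'; return 0 ;;
  esac
  if version_ge "$up" 3.8; then
    printf 'fixed\n'            # 3.8 is the first upstream release with the fix
  elif version_ge "$up" 0.8; then
    printf 'vulnerable\n'       # 0.8 (2014) is the earliest affected release
  else
    printf 'unaffected\n'       # predates the vulnerable code
  fi
}

# Constructed sample inputs; on a real Debian/Ubuntu host you would instead feed
#   needrestart_status "$(dpkg-query -W -f='${Version}' needrestart)"
for sample in "3.8-1" "1:3.8.1-2" "3.6-7ubuntu4.3" "3.5-5ubuntu2.2" "0.8" "0.7-1" "3.8~rc1" ""; do
  printf '%-18s %s\n' "${sample:-<empty>}" "$(needrestart_status "$sample")"
done
```

One caveat a practitioner should keep in mind: distributions usually backport security fixes into the package version they already ship rather than moving to the new upstream release, so a package that reports an upstream version below 3.8 may still contain the fix. For distro packages, the package changelog or the vendor's security notice is the authority; the upstream-number check above is only reliable for needrestart built from upstream sources.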
Via BleepingComputer