fbpx
Techitup Middle East
B2B TechnologyCybersecurity

Qualys Uncovers Privilege Escalation Vulnerabilities in needrestart

The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, highlighting the need for immediate remediation to protect system integrity.

Potential Impact

These vulnerabilities in the needrestart utility allow local users to escalate their privileges by executing arbitrary code during package installations or upgrades, where needrestart is often run as the root user.

An attacker exploiting these vulnerabilities could gain root access, compromising system integrity and security. This poses considerable risks for enterprises, including unauthorized access to sensitive data, malware installation, and disruption of business operations. It could lead to data breaches, regulatory non-compliance, and erosion of trust among customers and stakeholders, ultimately affecting the organization’s reputation. Enterprises should swiftly mitigate this risk by updating the software or disabling the vulnerable feature.

Steps to Mitigate Risk

Disabling the interpreter heuristic in needrestart’s config prevents this attack. The needrestart configuration file is typically located at /etc/needrestart/needrestart.conf. This file contains various settings that control the behavior of the needrestart utility.

# Disable interpreter scanners.

$nrconf{interpscan} = 0;

This modification will disable the interpreter scanning feature.

More information is available at the Qualys TRU blog post here.

Technical details of these vulnerabilities are available on the Qualys website.

Related posts

ABO Digital Commits $10M to IoT Blockchain Company Kalima

Editor

DAMAC Group Announces Increased Investment in AI Sector

Editor

BeyondTrust Announces Password Safe as a SaaS in the UAE

Editor

Leave a Comment