About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) used in Ubuntu Server, starting with version 21.04.
The needrestart utility runs automatically after APT operations (installing, updating, or removing packages). It checks if a reboot is required, thus ensuring that services use updated libraries without unnecessary downtime.
All 5 vulnerabilities make it possible for a regular user to become root. Qualys has private exploits for each. There is currently a publicly available exploit only for one vulnerability related to the PYTHONPATH environment variable.
It is available on Github since November 20th.
Update needrestart to version 3.8 or disable “interpreter scanning” in needrestart.conf.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.