From www.techradar.com



  • Security researchers find multiple flaws in service introduced a decade ago
  • The flaws allow malicious actors to escalate privileges and run arbitrary code
  • A patch is available, and users are urged to apply it

Ubuntu Linux has been carrying multiple high-severity vulnerabilities for a decade, allowing malicious actors to escalate their privileges to root without user interaction, experts have warned.

Cybersecurity researchers at Qualys found the bugs in ‘needrestart’, a utility that checks which services need to be restarted after an update or a change in the system’s libraries or binaries.

It is particularly useful after applying security updates or upgrading packages, as it ensures that the updates are effectively applied without requiring a full system reboot.

Exploitable vulnerabilities

Needrestart is capable of identifying services using outdated libraries, prompting the user to restart them, and recommending a system reboot when necessary. As a result, it helps maintain the security and stability of a system without needing frequent reboots.

It was introduced in 2014 and is maintained as a Debian package. It has been vulnerable since the day of its inception, with Ubuntu Linux version 21.04. The five vulnerabilities in question are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. Needrestart’s earliest vulnerable version is 0.8, and the earliest clean version is 3.8, released earlier this week.

More details about the vulnerabilities can be found here, but in short – they allow crooks to execute arbitrary code on vulnerable systems. The only prerequisite is that they have local access, either through malware, or compromised accounts.

While this sounds like a solid mitigation, BleepingComputer notes that attackers have exploited similar Linux elevation of privilege flaws in the past as well.

One notable example is Looney Tunables, which exploited the nf_tables bug. Needrestart is an extremely popular and widely used feature, and hackers will most likely now try to exploit it. Therefore, it is essential that users upgrade to version 3.8 or later as soon as possible.
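To triage a host against the version range given above (earliest vulnerable 0.8, earliest clean 3.8), the following is an added example, not code from the article, Qualys or the needrestart project. The helper names `ver_lt` and `classify_needrestart` are hypothetical, and it assumes a Debian or Ubuntu host with `dpkg-query`.

```shell
#!/bin/sh
# Added example: compares a needrestart package version with the range the
# article gives (earliest vulnerable 0.8, earliest clean 3.8).
# ver_lt and classify_needrestart are hypothetical helper names.

# ver_lt A B: succeed when dotted numeric version A sorts before B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Reduce a Debian-style version (epoch:upstream-revision) to its upstream part
# and classify it. Numeric comparison matters: 3.10 is newer than 3.8.
classify_needrestart() {
    up=$(printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/-.*$//' -e 's/[^0-9.].*$//')
    if [ -z "$up" ]; then echo unknown
    elif ver_lt "$up" 0.8; then echo predates-range
    elif ver_lt "$up" 3.8; then echo in-vulnerable-range
    else echo fixed-upstream
    fi
}

# Assumption: a Debian or Ubuntu host where dpkg-query is available.
# A distribution may ship the fix under an older upstream number; this
# comparison cannot see that, so confirm against the distribution's advisory.
if command -v dpkg-query >/dev/null 2>&1; then
    installed=$(dpkg-query -W -f='${Version}' needrestart 2>/dev/null || true)
    if [ -n "$installed" ]; then
        echo "needrestart $installed: $(classify_needrestart "$installed")"
    else
        echo "needrestart: not installed"
    fi
fi
```

An `in-vulnerable-range` result is a prompt to check the distribution's security notice for that exact package revision, not proof that the host is unpatched.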

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.


The post Ubuntu Linux has a worrying security flaw that may have gone unseen for a decade first appeared on www.techradar.com
