Privilege Escalation Risk: Ubuntu Users Urged to Update needrestart

Ubuntu Linux has come under scrutiny following the discovery of long-standing vulnerabilities in the needrestart utility, which has been in use since 2014. These flaws enable attackers with local access to elevate privileges to root without requiring user interaction.

Researchers from Qualys identified five vulnerabilities, cataloged as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. All except the penultimate vulnerability received a CVSS score of 7.8, while CVE-2024-10224 was rated at 5.3. The issues stem from the needrestart utility, which checks whether services need to be restarted after updates or changes to system library files.

Introduced in 2014, the utility has been invaluable for applying system updates without requiring a full reboot, enhancing the operating system’s security without sacrificing uptime or stability. However, it was revealed that needrestart has been vulnerable since version 0.8, which was included in Ubuntu 21.04. The first patched version, 3.8, was released only this week.

The vulnerabilities allow arbitrary code execution on affected systems. While local access is a prerequisite for exploitation, such access can be achieved via malware or compromised user accounts.

Although the requirement for local access somewhat narrows the attack surface, experts warn that similar Linux vulnerabilities have been effectively exploited in the past for privilege escalation. Security professionals strongly advise Ubuntu administrators to immediately update needrestart to version 3.8 to mitigate these risks and prevent potential attacks.