• Ubuntu Linux has a worrying security flaw that may have gone unse

    From TechnologyDaily@1337:1/100 to All on Thu Nov 21 15:45:05 2024
    Ubuntu Linux has a worrying security flaw that may have gone unseen for a decade

    Date:
    Thu, 21 Nov 2024 15:29:00 +0000

    Description:
    Five vulnerabilities, possibly introduced a decade ago, allow crooks to escalate privileges on vulnerable devices.

    FULL STORY
    ======================================================================
    Security researchers find multiple flaws in service introduced a decade ago
    The flaws allow malicious actors to escalate privileges and run arbitrary code
    A patch is available, and users are urged to apply it

    Ubuntu Linux has been carrying multiple high-severity vulnerabilities for a decade, allowing malicious actors to escalate their privileges to root without user interaction, experts have warned.

    Cybersecurity researchers at Qualys found the bugs in needrestart, a utility that checks which services need to be restarted after an update or a change in the system's libraries or binaries.

    It is particularly useful after applying security updates or upgrading packages, as it ensures that the updates are effectively applied without requiring a full system reboot.

    Exploitable vulnerabilities

    Needrestart is capable of identifying services using outdated libraries, prompting the user to restart them, and recommending a system reboot when necessary.
    As a result, it helps maintain the security and stability of a system without needing frequent reboots.

    It was introduced in 2014 and maintained as a Debian package. It has been vulnerable since the day of its inception, with Ubuntu Linux version 21.04. The five vulnerabilities in question are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. Needrestart's earliest vulnerable version is 0.8, and the earliest clean version is 3.8, released earlier this week.

    More details about the vulnerabilities can be found here, but in short, they allow crooks to execute arbitrary code on vulnerable systems. The only prerequisite is that they have local access, either through malware or compromised accounts.

    While this sounds like a solid mitigation, BleepingComputer reminds readers that attackers have exploited similar Linux elevation-of-privilege flaws in the past as well.

    One notable example is Looney Tunables, which exploited the nf_tables bug. Needrestart is an extremely popular and widely used feature, and hackers will most likely now try to exploit it. Therefore, it is essential that users upgrade to version 3.8 or later as soon as possible.
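
    A version triage check for the range given above (earliest vulnerable 0.8, earliest clean 3.8), added here as an example and not taken from the article, Qualys or the needrestart project. The function names and the --check flag are hypothetical; it assumes a Debian/Ubuntu host with dpkg-query and GNU sort.

```shell
#!/bin/sh
# Added example: classify a needrestart package version against the range
# reported in the article (earliest vulnerable 0.8, earliest clean 3.8).

# Strip the Debian epoch ("2:") and packaging revision ("-1build2").
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%-*}"
}

# True when $1 sorts strictly before $2 (GNU sort -V version ordering).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Prints one of: predates-range | in-affected-range | fixed-upstream
needrestart_status() {
    up=$(upstream_version "$1")
    if ver_lt "$up" "0.8"; then
        echo "predates-range"
    elif ver_lt "$up" "3.8"; then
        # Distributions may backport fixes without changing the upstream
        # number, so confirm against the vendor advisory before concluding.
        echo "in-affected-range"
    else
        echo "fixed-upstream"
    fi
}

# Query the locally installed package (Debian/Ubuntu only).
check_installed() {
    ver=$(dpkg-query -W -f='${Version}' needrestart 2>/dev/null)
    if [ -z "$ver" ]; then
        echo "needrestart: not installed"
        return 0
    fi
    echo "needrestart $ver: $(needrestart_status "$ver")"
}

# Only touch the local package database when asked to.
if [ "${1:-}" = "--check" ]; then
    check_installed
fi
```

    A result of in-affected-range means the upstream number falls between 0.8 and 3.8; the distribution's own security notice decides whether that package build already carries the fix.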

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ubuntu-linux-has-a-worrying-security-flaw-that-may-have-gone-unseen-for-a-decade


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)