Ubuntu Linux Impacted By Decade-Old 'needrestart' Flaw That Gives Root


Five local privilege escalation (LPE) vulnerabilities in the Linux utility "needrestart" -- widely used on Ubuntu to manage service updates -- allow attackers with local access to escalate privileges to root. The flaws were discovered by Qualys in needrestart version 0.8, and fixed in version 3.8. B...

BleepingComputer reports: Complete information about the flaws was made available in a separate text file, but a summary can be found below:

- CVE-2024-48990: Needrestart executes the Python interpreter with a PYTHONPATH environment variable extracted from running processes. If a local attacker controls this variable, they can execute arbitrary code as root during Python initialization by planting a malicious shared library.

The report notes that attackers would need to have local access to the operating system through malware or a compromised account in order to exploit these flaws.
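The CVE-2024-48990 summary above turns on a privileged tool trusting a PYTHONPATH read from another process. The following is an added defensive example, not code from the article or from needrestart: it parses a `/proc/<pid>/environ`-style block, flags PYTHONPATH entries that the trusted user does not solely control, and builds a child environment that carries no import-path variables. The function names and the sample environment block are constructed for illustration.

```python
import os
import stat

# Variables that redirect where the interpreter looks for modules.
INTERPRETER_VARS = {"PYTHONPATH", "PYTHONHOME"}

def parse_environ(blob: bytes) -> dict:
    """Parse a NUL-separated environment block (the /proc/<pid>/environ format)."""
    env = {}
    for item in blob.split(b"\0"):
        name, sep, value = item.partition(b"=")
        if sep and name:
            env[name.decode(errors="replace")] = value.decode(errors="replace")
    return env

def untrusted_entries(pythonpath: str, trusted_uid: int = 0) -> list:
    """Return PYTHONPATH entries whose contents trusted_uid does not solely control."""
    bad = []
    for entry in pythonpath.split(":"):
        if not os.path.isabs(entry):
            bad.append(entry)  # empty or relative: not a fixed location
            continue
        try:
            st = os.stat(entry)
        except OSError:
            bad.append(entry)  # cannot be inspected, so cannot be vouched for
            continue
        if st.st_uid != trusted_uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            bad.append(entry)
    return bad

def privileged_child_env(base: dict) -> dict:
    """Environment for an interpreter launched by a privileged tool: built from the
    tool's own environment only, with import-path variables removed."""
    return {k: v for k, v in base.items() if k not in INTERPRETER_VARS}

if __name__ == "__main__":
    # Constructed sample of another process's environment block.
    sample = b"HOME=/home/user\0PYTHONPATH=/nonexistent-constructed-dir:lib\0"
    seen = parse_environ(sample)
    print("flagged:", untrusted_entries(seen.get("PYTHONPATH", "")))
    print("child env keys:", sorted(privileged_child_env(dict(os.environ))))
```

The ownership check covers only the listed directory itself; a stricter audit would also walk its parent directories.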
