Subj : Ubuntu Linux has a worrying security flaw that may have gone unse
To   : All
From : TechnologyDaily
Date : Thu Nov 21 2024 15:45:05

Ubuntu Linux has a worrying security flaw that may have gone unseen for a decade

Date: Thu, 21 Nov 2024 15:29:00 +0000

Description: Five vulnerabilities, possibly introduced a decade ago, allow crooks to escalate privileges on vulnerable devices.

FULL STORY
======================================================================

Security researchers find multiple flaws in service introduced a decade ago
The flaws allow malicious actors to escalate privileges and run arbitrary code
A patch is available, and users are urged to apply it

Ubuntu Linux has been carrying multiple high-severity vulnerabilities for a decade, allowing malicious actors to escalate their privileges to root without user interaction, experts have warned.

Cybersecurity researchers at Qualys found the bugs in needrestart, a utility that checks which services need to be restarted after an update or a change in the system's libraries or binaries. It is particularly useful after applying security updates or upgrading packages, as it ensures that the updates are effectively applied without requiring a full system reboot.

Exploitable vulnerabilities

Needrestart is capable of identifying services using outdated libraries, prompting the user to restart them, and recommending a system reboot when necessary. As a result, it helps maintain the security and stability of a system without needing frequent reboots.

It was introduced in 2014 and maintained as a Debian package. It has been vulnerable since the day of its inception, with Ubuntu Linux version 21.04.

The five vulnerabilities in question are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. Needrestart's earliest vulnerable version is 0.8, and the earliest clean version is 3.8, released earlier this week.
More details about the vulnerabilities can be found here, but in short, they allow crooks to execute arbitrary code on vulnerable systems. The only prerequisite is that they have local access, either through malware or compromised accounts.

While this sounds like a solid mitigation, BleepingComputer reminds readers that attackers have exploited similar Linux elevation-of-privilege flaws in the past as well. One notable example is Loony Tunables, which exploited the nf_tables bug.

Needrestart is an extremely popular and widely used feature, and hackers will most likely now try to exploit it. Therefore, it is essential that users upgrade to version 3.8 or later as soon as possible.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/ubuntu-linux-has-a-worrying-security-flaw-that-may-have-gone-unseen-for-a-decade

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)