Bitwarden launches new MFA Authenticator app for iOS, Android
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. […] Read More
10-Year Old Flaws In Ubuntu Server needrestart Package Let Attackers Gain Root Access
The cybersecurity community is on high alert following the discovery of five critical Local Privilege Escalation (LPE) vulnerabilities in the needrestart component, a default package in Ubuntu Server.
These flaws, present for nearly a decade, potentially allow any unprivileged user to obtain full root access without user interaction, posing a significant threat to system security.
The Qualys Threat Research Unit (TRU) identified these vulnerabilities and tracked them as:-
CVE-2024-48990
CVE-2024-48991
CVE-2024-48992
CVE-2024-10224
CVE-2024-11003
The flaws have existed since the introduction of interpreter support in needrestart version 0.8, released in April 2014, affecting all versions prior to 3.8.
Needrestart, a utility that scans systems to determine if restarts are necessary after updates, is automatically executed following APT operations.
Security experts at Qualys observed that the vulnerabilities allow local attackers to execute arbitrary code as root by manipulating environment variables that influence Python/Ruby interpreters, passing unsanitized data to libraries expecting safe input.
Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar
Technical Analysis
The vulnerabilities impact Ubuntu Server installations since version 21.04, potentially affecting a vast number of deployments worldwide. Organizations running these versions are at risk of unauthorized access, data breaches, and system compromises.
To address these vulnerabilities, system administrators are advised to:-
Update needrestart to version 3.8 or later.
Alternatively, disable the interpreter heuristic in needrestart’s configuration file (/etc/needrestart/needrestart.conf) by setting: text $nrconf{interpscan} = 0;
The cybersecurity industry is responding swiftly to these revelations. Qualys has announced the release of QIDs for vulnerability detection and is offering mitigation solutions through its TruRisk Eliminate platform.
Other security firms are expected to follow suit with updates to their vulnerability scanners and management tools. This discovery underscores the importance of regular security audits and prompt patching, even for long-standing system components.
As the situation develops, system administrators and security professionals are urged to stay vigilant, apply necessary patches, and monitor for any signs of exploitation.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free
HPE investigates new breach after data for sale on hacking forum
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. […] Read More