Critical Ubuntu Server Vulnerabilities Found in Needrestart

The Qualys Threat Research Unit has identified five Local Privilege Escalation (LPE) vulnerabilities in the needrestart component used by Ubuntu Server, posing a significant security threat. These vulnerabilities, each assigned a CVE identifier, allow any unprivileged user to gain full root access while packages are being installed or upgraded.

Needrestart is a utility that runs automatically after APT operations so that updated components take effect without requiring a full system reboot. However, the vulnerabilities, present since needrestart version 0.8, can lead to unauthorized access to sensitive data, malware installation, and disruption of business operations.

Ubuntu Server versions from 21.04 onwards are affected, so enterprises are advised to update the needrestart package or to disable the vulnerable feature by modifying its configuration file. The feature is disabled by setting "$nrconf{interpscan} = 0;" in the /etc/needrestart/needrestart.conf file.
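As an added example (not from the article or from the needrestart project), the following POSIX shell script applies the configuration change described above idempotently and verifies it; the helper function names and the constructed sample configuration are assumptions, and the live file is only touched if you call disable_interpscan on it explicitly.

```shell
#!/bin/sh
# Added example, not part of the article or of needrestart itself:
# disable needrestart's interpreter scan by setting $nrconf{interpscan} = 0;
# in its configuration file, idempotently, and verify the result.
# The file uses Perl syntax: a leading '#' makes the line a comment.

CONF="${CONF:-/etc/needrestart/needrestart.conf}"   # override for testing

# interpscan_disabled FILE
# Succeeds only if the last active (uncommented) interpscan assignment is 0,
# mirroring how the Perl config is evaluated: later assignments win.
interpscan_disabled() {
    last=$(grep -E '^[[:space:]]*\$nrconf\{interpscan\}[[:space:]]*=' "$1" 2>/dev/null \
        | tail -n 1 | sed -E 's/.*=[[:space:]]*([0-9]+).*/\1/')
    [ "$last" = "0" ]
}

# disable_interpscan FILE
# Removes every active interpscan assignment (comments are kept) and appends
# the hardened line once, so repeated runs never stack duplicates. Content is
# written back through the existing inode to preserve owner and mode.
disable_interpscan() {
    f="$1"
    tmp="$f.tmp.$$"
    [ -f "$f" ] || : > "$f"
    { grep -vE '^[[:space:]]*\$nrconf\{interpscan\}[[:space:]]*=' "$f" || true; } > "$tmp"
    printf '%s\n' '$nrconf{interpscan} = 0;' >> "$tmp"
    cat "$tmp" > "$f" && rm -f "$tmp"
    interpscan_disabled "$f"
}

# Demo on a constructed sample so the live CONF stays untouched unless you
# run: disable_interpscan "$CONF"
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample needrestart.conf (not a real default file)
#$nrconf{interpscan} = 1;
$nrconf{interpscan} = 1;
EOF
if interpscan_disabled "$demo"; then echo "before: interpscan disabled"
else echo "before: interpscan enabled (vulnerable feature on)"; fi
disable_interpscan "$demo" && echo "after:  interpscan disabled"
rm -f "$demo"
```

Running interpscan_disabled against the real file on each host is a cheap compliance check until the updated package is rolled out.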

A fix for these vulnerabilities has been confirmed in needrestart version 3.8, and updating is strongly recommended to protect system integrity. For further technical details on the vulnerabilities and their remediation, see the Qualys blog and the associated technical write-ups.

Source: https://securitybrief.com.au/story/critical-needrestart-vulnerabilities-found-in-ubuntu-servers