socradar.io
2606:4700:3108::ac42:2bbb
Public Scan
URL:
https://socradar.io/privilege-escalation-risks-in-needrestart-utility-threaten-linux-systems-oss-fuzz-finds-26-hidde...
Submission: On December 05 via api from IN — Scanned from US
Form analysis
3 forms found in the DOM
GET https://socradar.io/labs/dark-web-report/search
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/21028238/c5d75458-f8b1-49d4-aad9-32f0175a819c
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/21028238/c5d75458-f8b1-49d4-aad9-32f0175a819c
Text Content
Nov 21, 2024
7 Mins Read

PRIVILEGE ESCALATION RISKS IN ‘NEEDRESTART’ UTILITY THREATEN LINUX SYSTEMS; OSS-FUZZ FINDS 26 HIDDEN FLAWS

Recent findings have exposed high-severity flaws in the needrestart utility, a key component in Ubuntu Server installations. The utility’s primary function is to check if a system or its services require a restart after software updates, especially when shared libraries are updated. Without a restart, older versions of libraries may remain in use, leaving systems vulnerable despite the updates.

While vital for system maintenance, the tool’s expanded capabilities and its integration with Python and Ruby interpreters since 2014 have inadvertently introduced exploitable vulnerabilities. These vulnerabilities enable local privilege escalation, putting system integrity and security at risk.

Additionally, Google’s OSS-Fuzz platform marked a significant advancement, leveraging AI-powered fuzzing to identify 26 hidden vulnerabilities, including one in the popular OpenSSL library.

WHAT ARE THE VULNERABILITIES IN THE ‘NEEDRESTART’ UTILITY?

Recent findings have exposed five high-severity vulnerabilities in the needrestart utility, posing a serious risk to system security. These flaws allow unprivileged users to escalate their privileges and gain root access, granting full control over affected systems. Exploiting such access, attackers could compromise sensitive data, deploy malware, or disrupt operations entirely.

The root cause of these vulnerabilities lies in how needrestart interacts with interpreters such as Python and Ruby. In the case of CVE-2024-48990 and CVE-2024-48992, attackers can manipulate environment variables like PYTHONPATH and RUBYLIB, tricking needrestart into executing malicious code during interpreter initialization.

Details of CVE-2024-48990 (SOCRadar Vulnerability Intelligence) – According to the module, a PoC exploit for the flaw is already available.

For CVE-2024-48991, attackers exploit a time-of-check to time-of-use (TOCTOU) race condition within the Python interpreter’s initialization. Then, they can hijack the process to execute arbitrary commands, gaining unauthorized access to system functions.

Lastly, in the case of CVE-2024-10224 and CVE-2024-11003, needrestart’s interaction with the Module::ScanDeps Perl module is exploited to achieve root privileges. Attackers provide crafted inputs, which the module processes to execute malicious shell commands.

These vulnerabilities, except for CVE-2024-10224, are rated as high severity with CVSS scores of 7.8. CVE-2024-10224, with a medium severity rating of 5.3, does not independently enable privilege escalation. However, it becomes a serious issue when combined with CVE-2024-11003, as needrestart passes attacker-controlled inputs to Module::ScanDeps with root permissions.

Details of CVE-2024-10224 (SOCRadar Vulnerability Intelligence)

Another alarming aspect of these flaws is their accessibility. No user interaction is required for exploitation: once attackers gain local access, they can easily exploit these CVEs.

WHICH UBUNTU RELEASES ARE IMPACTED?

The needrestart vulnerabilities affect multiple Ubuntu releases, as well as other Linux distributions including Debian, across both server and desktop environments where the utility is installed. The impacted versions are tied to specific package releases:

* needrestart: Versions up to 3.6-8ubuntu4
* libmodule-scandeps-perl: Versions below 1.35-1

These vulnerabilities are particularly concerning for Ubuntu Server installations of Jammy (22.04), Noble (24.04), and Oracular (24.10), where needrestart is installed by default. Desktop installations and older server versions, such as Focal (20.04), are only vulnerable if the utility was manually installed.

CHECK IF YOUR SYSTEM IS VULNERABLE

Users can verify if their system is running an affected version of needrestart or libmodule-scandeps-perl by running the following command:

    apt list --installed | grep -E "^(needrestart|libmodule-scandeps-perl)"

Compare the output with the affected versions listed above. If your system matches any of these versions, immediate action is required to mitigate potential risks.

HOW CAN YOU ADDRESS THE VULNERABILITIES IN NEEDRESTART?

Addressing the needrestart vulnerabilities is critical to maintaining system security and preventing potential exploitation. Users are strongly advised to take the following actions:

The most effective solution is to update the affected packages to their patched versions. To update your system, run:

    sudo apt update && sudo apt upgrade

Alternatively, if a full upgrade isn’t feasible, target the specific vulnerable packages:

    sudo apt update && sudo apt install --only-upgrade needrestart libmodule-scandeps-perl

For systems with unattended-upgrades enabled (default in Ubuntu 16.04 LTS and later), these patches will be applied automatically within 24 hours.

If updates cannot be applied immediately, a temporary mitigation is to disable the vulnerable interpreter scanning feature in needrestart. To do this:

1. Edit the configuration file:

    sudo nano /etc/needrestart/needrestart.conf

2. Add or modify the following line:

    $nrconf{interpscan} = 0;

3. Save and exit the editor.

This disables the interpreter scanning feature, reducing exposure to exploitation. However, this is not a permanent solution, and you should restore the original configuration after applying the updates.

ACT NOW – UPDATE VULNERABLE SYSTEMS WITHOUT DELAY

With the high-risk potential of needrestart vulnerabilities, immediate updates are essential, particularly for server images like Jammy, Noble, and Oracular where needrestart is installed by default. In environments where the utility was added manually, verify its installation and address vulnerabilities promptly to avoid potential exploits.

For a proactive approach to managing vulnerabilities, SOCRadar’s Vulnerability Intelligence and Attack Surface Management (ASM) modules work together, enabling your organization to:

* Identify critical vulnerabilities early with real-time alerts and actionable insights.
* Prioritize risks to focus on vulnerabilities that pose the greatest threat.
* Visualize your attack surface, uncovering exposed assets that could be targeted by attackers.
* Streamline mitigation efforts by integrating seamlessly into your security workflows for faster resolution.

Quickly address issues like needrestart vulnerabilities before attackers exploit them and strengthen your defenses against evolving threats.

SOCRadar’s Vulnerability Intelligence module page

Stay informed and secure with SOCRadar’s intelligence-driven platform.

Also, for more technical information on these vulnerabilities and remediation steps, refer to the following resources:

* Research Blog
* Detailed Technical Insights
* Ubuntu Security Advisory

Acting promptly can safeguard systems from privilege escalation and broader compromises.

AI FINDS DECADES-OLD OPENSSL VULNERABILITY WITH FUZZING (CVE-2024-9143 AND MORE)

After examining the critical vulnerabilities in needrestart, attention now shifts to 26 previously hidden vulnerabilities identified by Google’s OSS-Fuzz platform. Leveraging AI-powered fuzzing techniques, these findings highlight AI’s potential to uncover long-standing security flaws that traditional methods have overlooked.

One key discovery, CVE-2024-9143, involves an out-of-bounds memory flaw in OpenSSL’s elliptic curve APIs. This vulnerability, capable of enabling attackers to execute arbitrary code or crash applications, had remained undetected for decades until its identification through AI-powered fuzzing.

Details of CVE-2024-9143 (SOCRadar Vulnerability Intelligence)

Since August 2023, OSS-Fuzz has utilized Large Language Models (LLMs) to improve fuzz target coverage, uncovering flaws even in code previously tested by humans.

Google’s future plans for OSS-Fuzz include advancing triaging automation for reliable vulnerability reporting, integrating debugging tools for quicker resolutions, and eventually automating patch generation.

For further details, visit Google’s security blog.