Summary: Researchers at Qualys have discovered a vulnerability (CVE-2024-11003) in needrestart, a utility that detects services and processes needing a restart after software updates. The vulnerability originates from the unsafe handling of data passed to a library called Modules::ScanDeps, which can be exploited to execute arbitrary shell commands by a local attacker. This article will provide an explanation of the vulnerability, code snippets demonstrating the issue, and links to the original references.
Introduction
Needrestart is a popular utility designed to find and restart services and processes that require a restart following software updates. These updates typically include essential security patches, bug fixes, and new features. However, researchers from Qualys have discovered a local code execution vulnerability in needrestart versions before 3.8. The vulnerability, tagged as CVE-2024-11003, is linked to another vulnerability in the Modules::ScanDeps library (CVE-2024-10224).
Vulnerability Details
The issue is that needrestart, before version 3.8, passes unsanitized data to the library Modules::ScanDeps, which expects safe input only. This could allow a local attacker to execute arbitrary shell commands.
The following code snippet demonstrates the improper sanitization of data:

    # ... Needrestart main program code ...
    my %sp_hash = (
        # Some safe hash entries
        'libpcre' => qr/^pcre$/m,
        'libGL' => qr/^libGL\.$/m,
        # ... more code ...
    );
    my $nsdeps = qr/^(?:${\(join('|', keys %sp_hash))})$/mo;
    # ... end of main program code ...

    # ... in the Modules::ScanDeps library code.
    # Data is passed without sanitization and could contain unexpected values.
    foreach (keys %{$dep}) {
        # user-defined regex patterns are evaluated using user-supplied input (unsanitized)
        my @matching_keys = grep { $dep->{$_} =~ $user_defined_pattern } keys %{$dep};
        # ... more code ...
    }
Links to Original References
- Qualys Advisory: CVE-2024-11003
- Needrestart GitHub Repository: needrestart
- Modules::ScanDeps library: CVE-2024-10224
Exploit Details
A local attacker who has access to a machine running needrestart could provide specially crafted input to exploit this vulnerability and execute arbitrary shell commands. For instance, modifying the %sp_hash with a pattern to match unsanitized strings could lead to the execution of arbitrary commands.
Mitigation
It is advised to upgrade to needrestart version 3.8 or later, which addresses the vulnerability. Additionally, ensure that your system is updated regularly and patched against known vulnerabilities.
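To act on the 3.8 threshold across several machines, the following sh script is an added example, not code from the advisory or the needrestart project. The inventory format (one "host version" pair per line), the hostnames and the function names are assumptions. It compares the upstream version number only, so a distribution package that backports the fix under an older number is still flagged and should be checked against the vendor's advisory.

```shell
# Added example (not needrestart project code): flag hosts older than 3.8.
FIXED_MAJOR=3 FIXED_MINOR=8

# Print the upstream version: drop an epoch ("1:") and any packaging suffix.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%[!0-9.]*}"
}

# Exit 0 if VERSION is older than 3.8, 1 if 3.8 or later, 2 if unparseable.
needs_upgrade() {
    v=$(upstream_version "$1")
    major=${v%%.*}
    minor=0
    case $v in *.*) rest=${v#*.}; minor=${rest%%.*} ;; esac
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -gt "$FIXED_MAJOR" ]; then return 1; fi
    # Numeric compare, so 3.10 is treated as newer than 3.8.
    [ "$minor" -lt "$FIXED_MINOR" ]
}

# Read "host version" lines on stdin; print the hosts that need attention.
flag_hosts() {
    while read -r host ver; do
        case $host in ''|'#'*) continue ;; esac
        rc=0
        needs_upgrade "$ver" || rc=$?
        case $rc in
            0) printf '%s upgrade (%s)\n' "$host" "$ver" ;;
            2) printf '%s unknown (%s)\n' "$host" "$ver" ;;
        esac
    done
}

# Constructed inventory; hostnames and versions are made up for illustration.
sample_inventory() {
    cat <<'EOF'
# host version
web01 3.6
web02 3.8
db01 3.10
build01 3.7-2
legacy01 2.12
edge01 n/a
EOF
}

sample_inventory | flag_hosts
```

Hosts reported as unknown have a version string that could not be parsed and need a manual check.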
Conclusion
This vulnerability emphasizes the importance of sanitizing input data properly, especially when passing data to libraries that assume it to be safe. Developers and administrators alike must take precautions to verify the security of the libraries they use and remain vigilant in handling potentially unsafe data. By staying informed about the latest security findings and addressing these vulnerabilities promptly, we can help create a more secure computing environment for everyone.
Timeline
Published on: 11/19/2024 18:15:19 UTC
Last modified on: 11/19/2024 21:56:45 UTC