CVE-2024-11003
published 2024-11-19CVE-2024-11003: Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a…
PriorityP352high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
11.54%
95.5th percentile
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | needrestart | < needrestart 3.6-4+deb12u2 (bookworm) | needrestart 3.6-4+deb12u2 (bookworm) |
| needrestart | needrestart | >= 0 < 3.5-4+deb11u4 | 3.5-4+deb11u4 |
| needrestart | needrestart | >= 0 < 3.6-4+deb12u2 | 3.6-4+deb12u2 |
| needrestart | needrestart | >= 0 < 3.7-3.1 | 3.7-3.1 |
| needrestart | needrestart | >= 0 < 3.7-3.1 | 3.7-3.1 |
| needrestart | needrestart | >= 0 < 3.5-5ubuntu2.3 | 3.5-5ubuntu2.3 |
| needrestart | needrestart | >= 0 < 3.5-5ubuntu2.2 | 3.5-5ubuntu2.2 |
| needrestart | needrestart | >= 0 < 3.5-5ubuntu2.4 | 3.5-5ubuntu2.4 |
| needrestart | needrestart | >= 0 < 3.6-7ubuntu4.4 | 3.6-7ubuntu4.4 |
| needrestart | needrestart | >= 0 < 3.6-7ubuntu4.3 | 3.6-7ubuntu4.3 |
| needrestart | needrestart | >= 0 < 3.6-7ubuntu4.5 | 3.6-7ubuntu4.5 |
| needrestart | needrestart | >= 0 < 2.6-1ubuntu0.1~esm2 | 2.6-1ubuntu0.1~esm2 |
| needrestart | needrestart | >= 0 < 2.6-1ubuntu0.1~esm1 | 2.6-1ubuntu0.1~esm1 |
| needrestart | needrestart | >= 0 < 2.6-1ubuntu0.1~esm3 | 2.6-1ubuntu0.1~esm3 |
| needrestart | needrestart | >= 0 < 3.1-1ubuntu0.1+esm2 | 3.1-1ubuntu0.1+esm2 |
| needrestart | needrestart | >= 0 < 3.1-1ubuntu0.1+esm1 | 3.1-1ubuntu0.1+esm1 |
| needrestart | needrestart | >= 0 < 3.1-1ubuntu0.1+esm3 | 3.1-1ubuntu0.1+esm3 |
| needrestart | needrestart | >= 0 < 3.4-6ubuntu0.1+esm2 | 3.4-6ubuntu0.1+esm2 |
| needrestart | needrestart | >= 0 < 3.4-6ubuntu0.1+esm1 | 3.4-6ubuntu0.1+esm1 |
| needrestart | needrestart | >= 0 < 3.4-6ubuntu0.1+esm3 | 3.4-6ubuntu0.1+esm3 |
| needrestart_project | needrestart | < 3.8 | 3.8 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
vendor_debian5.3MEDIUM
vendor_ubuntu5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
needrestart regression
osv·2024-12-05·CVSS 7.8
CVE-2024-11003 [HIGH] needrestart regression
needrestart regression
USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a
regression in needrestart. This update fixes the problem for LXC
containers.
We apologize for the inconvenience.
Original advisory details:
Qualys discovered that needrestart passed unsanitized data to a library
(libmodule-scandeps-perl) which expects safe input. A local attacker could
possibly use this issue to execute arbitrary code as root.
(CVE-2024-11003)
Qualys discovered that the library libmodule-scandeps-perl incorrectly
parsed perl code. This could allow a local attacker to execute arbitrary
shell commands. (CVE-2024-10224)
Qualys discovered that needrestart incorrectly used the PYTHONPATH
environment variable to spawn a new Python interpreter. A local attacker
could possibly use
OSV
needrestart regression
osv·2024-11-26·CVSS 7.8
CVE-2024-11003 [HIGH] needrestart regression
needrestart regression
USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a
regression in needrestart. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Qualys discovered that needrestart passed unsanitized data to a library
(libmodule-scandeps-perl) which expects safe input. A local attacker could
possibly use this issue to execute arbitrary code as root.
(CVE-2024-11003)
Qualys discovered that the library libmodule-scandeps-perl incorrectly
parsed perl code. This could allow a local attacker to execute arbitrary
shell commands. (CVE-2024-10224)
Qualys discovered that needrestart incorrectly used the PYTHONPATH
environment variable to spawn a new Python interpreter. A local attacker
could possibly use this issue to exec
OSV
CVE-2024-11003: Qualys discovered that needrestart, before version 3
osv·2024-11-19·CVSS 7.8
CVE-2024-11003 [HIGH] CVE-2024-11003: Qualys discovered that needrestart, before version 3
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
OSV
Several security issues were fixed in needrestart and Module::ScanDeps
osv·2024-11-19·CVSS 7.8
CVE-2024-11003 [HIGH] Several security issues were fixed in needrestart and Module::ScanDeps
Several security issues were fixed in needrestart and Module::ScanDeps
Qualys discovered that needrestart passed unsanitized data to a library
(libmodule-scandeps-perl) which expects safe input. A local attacker could
possibly use this issue to execute arbitrary code as root.
(CVE-2024-11003)
Qualys discovered that the library libmodule-scandeps-perl incorrectly
parsed perl code. This could allow a local attacker to execute arbitrary
shell commands. (CVE-2024-10224)
Qualys discovered that needrestart incorrectly used the PYTHONPATH
environment variable to spawn a new Python interpreter. A local attacker
could possibly use this issue to execute arbitrary code as root.
(CVE-2024-48990)
Qualys discovered that needrestart incorrectly checked the path to the
Python interpreter. A local atta
GHSA
GHSA-9f4h-r2c7-m6w4: Qualys discovered that needrestart, before version 3
ghsa_unreviewed·2024-11-19·CVSS 5.3
CVE-2024-11003 [MEDIUM] CWE-78 GHSA-9f4h-r2c7-m6w4: Qualys discovered that needrestart, before version 3
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
Ubuntu
needrestart regression
vendor_ubuntu·2024-12-05·CVSS 5.3
[MEDIUM] needrestart regression
Title: needrestart regression
Summary: USN-7117-1 caused some regression in needrestart.
USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a
regression in needrestart. This update fixes the problem for LXC
containers.
We apologize for the inconvenience.
Original advisory details:
Qualys discovered that needrestart passed unsanitized data to a library
(libmodule-scandeps-perl) which expects safe input. A local attacker could
possibly use this issue to execute arbitrary code as root.
(CVE-2024-11003)
Qualys discovered that the library libmodule-scandeps-perl incorrectly
parsed perl code. This could allow a local attacker to execute arbitrary
shell commands. (CVE-2024-10224)
Qualys discovered that needrestart incorrectly used the PYTHONPATH
environment variable to
Ubuntu
needrestart regression
vendor_ubuntu·2024-11-26·CVSS 5.3
[MEDIUM] needrestart regression
Title: needrestart regression
Summary: USN-7117-1 caused some regression in needrestart.
USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a
regression in needrestart. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Qualys discovered that needrestart passed unsanitized data to a library
(libmodule-scandeps-perl) which expects safe input. A local attacker could
possibly use this issue to execute arbitrary code as root.
(CVE-2024-11003)
Qualys discovered that the library libmodule-scandeps-perl incorrectly
parsed perl code. This could allow a local attacker to execute arbitrary
shell commands. (CVE-2024-10224)
Qualys discovered that needrestart incorrectly used the PYTHONPATH
environment variable to spawn a new Python
Ubuntu
needrestart and Module::ScanDeps vulnerabilities
vendor_ubuntu·2024-11-19·CVSS 5.3
CVE-2024-48991 [MEDIUM] needrestart and Module::ScanDeps vulnerabilities
Title: needrestart and Module::ScanDeps vulnerabilities
Summary: Several security issues were fixed in libmodule-scandeps-perl, needrestart.
Qualys discovered that needrestart passed unsanitized data to a library
(libmodule-scandeps-perl) which expects safe input. A local attacker could
possibly use this issue to execute arbitrary code as root.
(CVE-2024-11003)
Qualys discovered that the library libmodule-scandeps-perl incorrectly
parsed perl code. This could allow a local attacker to execute arbitrary
shell commands. (CVE-2024-10224)
Qualys discovered that needrestart incorrectly used the PYTHONPATH
environment variable to spawn a new Python interpreter. A local attacker
could possibly use this issue to execute arbitrary code as root.
(CVE-2024-48990)
Qualys discovered that needresta
Debian
CVE-2024-11003: needrestart - Qualys discovered that needrestart, before version 3.8, passes unsanitized data ...
vendor_debian·2024·CVSS 5.3
CVE-2024-11003 [MEDIUM] CVE-2024-11003: needrestart - Qualys discovered that needrestart, before version 3.8, passes unsanitized data ...
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
Scope: local
bookworm: resolved (fixed in 3.6-4+deb12u2)
bullseye: resolved (fixed in 3.5-4+deb11u4)
forky: resolved (fixed in 3.7-3.1)
sid: resolved (fixed in 3.7-3.1)
trixie: resolved (fixed in 3.7-3.1)
No detection rules found.
No public exploits indexed.
Qualys
Mitigate High-Risk Vulnerabilities Using TruRisk | Qualys
blogs_qualys·2024-12-04·CVSS 7.5
CVE-2013-2900 [HIGH] Mitigate High-Risk Vulnerabilities Using TruRisk | Qualys
#### Table of Contents
- TruRisk Mitigate: A Flexible Approach to Vulnerability Management
- Managing CVE-2013-2900: WinVerifyTrust Signature Validation Vulnerability
- Mitigating CVE-2024-30078: Windows Wi-Fi Driver Remote Code Execution Vulnerability
- Managing needrestart Vulnerabilities: Addressing Local Privilege Escalation (LPE) Risks
- Key Benefits of TruRisk Mitigate
- Strengthening Security with TruRisk Mitigate
In late 2024, organizations faced over 65 million detections from three critical vulnerabilities—CVE-2013-2900, CVE-2024-38122, and CVE-2024-30078—underscoring the urgent need for proactive vulnerability management. Adding to these challenges, the Qualys Threat Research Unit (TRU) uncovered five Local Privilege Escalation (LPE) vulnerabilities in November within the need
Qualys
Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™
blogs_qualys·2024-12-04·CVSS 7.5
CVE-2013-2900 [HIGH] Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™
## Table of Contents
TruRisk Mitigate: A Flexible Approach to Vulnerability Management
Managing CVE-2013-2900: WinVerifyTrust Signature Validation Vulnerability
Mitigating CVE-2024-30078: Windows Wi-Fi Driver Remote Code Execution Vulnerability
Managing needrestart Vulnerabilities: Addressing Local Privilege Escalation (LPE) Risks
Key Benefits of TruRisk Mitigate
Strengthening Security with TruRisk Mitigate
In late 2024, organizations faced over 65 million detections from three critical vulnerabilities—CVE-2013-2900, CVE-2024-38122, and CVE-2024-30078—underscoring the urgent need for proactive vulnerability management. Adding to these challenges, the Qualys Threat Research Unit (TRU) uncovered five Local Privilege Escalation (LPE) vulnerabilities in November within the needrestart u
Checkpoint
25th November – Threat Intelligence Report
blogs_checkpoint·2024-11-25
CVE-2024-0012 25th November – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 25th November – Threat Intelligence Report
The Library of Congress, part of the US Capitol complex and home to the world’s largest media collection, was hacked by a foreign adversary, exposing email communications between Library staff and congressional offices from January to September 2024. The hack, described as sophisticated espionage, sought information on legislative inquiries but did not compromise House or Senate networks or the US Copyright Office.
Giant American gambling and lottery company, Internatio
Bleepingcomputer
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
blogs_bleepingcomputer·2024-11-20·CVSS 5.3
CVE-2024-48990 [MEDIUM] Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
## Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
## Bill Toulas
## Summary of LPE flaws
The five flaws Qualys discovered allow attackers with local access to a vulnerable Linux system to escalate their privilege to root without user interaction.
Complete information about the flaws was made available in a separate text file , but a summary can be found below:
CVE-2024-48990 : Needrestart executes the Python interpreter with a PYTHONPATH environment variable extracted from running processes. If a local attacker controls this variable, they can execute arbitrary code as root during Python initialization by planting a malicious shared library.
CVE-2024-48992 : The Ruby interpreter used by needrestart is vulnerable when processing an attacker-controlled RUBYLIB e
Qualys
Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart
blogs_qualys·2024-11-19·CVSS 5.3
[MEDIUM] Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart
## Table of Contents
What is needrestart?
Affected needrestart Versions:
Potential Impact
Steps to Mitigate Risk
Technical Details
Qualys QID Coverage
Mitigate Risk with Qualys TruRisk Mitigate
Discover Vulnerable Assets Using Qualys CyberSecurity Asset Management (CSAM)
Enhance Your Security Posture with Qualys Vulnerability Management, Detection, and Response (VMDR)
Conclusion
The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, C
Qualys
Qualys TRU Uncovers 5 Local Privilege Escalation Flaws | Qualys
blogs_qualys·2024-11-19·CVSS 5.3
[MEDIUM] Qualys TRU Uncovers 5 Local Privilege Escalation Flaws | Qualys
#### Table of Contents
- What is needrestart?
- Affected needrestart Versions:
- Potential Impact
- Steps to Mitigate Risk
- Technical Details
- Qualys QID Coverage
- Mitigate Risk with Qualys TruRisk Mitigate
- Discover Vulnerable Assets Using Qualys CyberSecurity Asset Management (CSAM)
- Enhance Your Security Posture with Qualys Vulnerability Management, Detection, and Response (VMDR)
- Conclusion
The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-
https://github.com/liske/needrestart/commit/0f80a348883f72279a859ee655f58da34babefb0https://www.cve.org/CVERecord?id=CVE-2024-10224https://www.cve.org/CVERecord?id=CVE-2024-11003https://www.qualys.com/2024/11/19/needrestart/needrestart.txthttp://seclists.org/fulldisclosure/2024/Nov/17https://lists.debian.org/debian-lts-announce/2024/11/msg00014.htmlhttps://www.openwall.com/lists/oss-security/2024/11/19/1
2024-11-19
Published