¡¾·ì϶¹«¸æ¡¿Ubuntu needrestartȨÏÞÌáÉý·ì϶£¨CVE-2024-48990£©

°ä²¼¹¦·ò 2024-11-21

 

 

Ò»¡¢·ì϶¸ÅÊö

·ì϶Ãû³Æ

 Ubuntu needrestartȨÏÞÌáÉý·ì϶

CVE   ID

CVE-2024-48990

·ì϶ÀàÐÍ

LPE

·¢ÏÖ¹¦·ò

2024-11-21

·ì϶ÆÀ·Ö

7.8

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

±¾µØ

ËùÐèȨÏÞ

µÍ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ

 

needrestart ÊÇUbuntu ºÍÆäËû»ùÓÚ Debian µÄ Linux ¿¯ÐаæÖг£ÓõÄÒ»¸ö¹¤¾ß£¬£¬ÖØÒªÓÃÓÚ¼ì²âϵͳÖÐÊÇ·ñÓбØÒªÖØÆôµÄ·þÎñ»òÄÚºËÄ£¿£¿£¿é¡£¡£¡£¡£ËüÔÚÈí¼þ°ü¸üкóÔËÐУ¬£¬Ô®ÊÖÖÎÀíÔ±¼ø±ðÄÄЩ·þÎñ»ò¹ý³Ì±ØÒªÖØÐÂÆô¶¯ÒÔʹ¸üÐÂÉúЧ¡£¡£¡£¡£

2024Äê11ÔÂ21ÈÕ£¬£¬OG¶«·½Ìü¼¯ÍÅVSRC¼à²âµ½Ubuntu needrestart°üÖдæÔÚ¶à¸ö±¾µØȨÏÞÌáÉý·ì϶£¬£¬¶ÔÖ¸±êϵͳӵÓб¾µØ½Ó¼ûȨÏ޵Ĺ¥»÷Õß¿ÉÀûÓÃÕâЩ·ì϶ÔÚÎÞÐèÓû§½»»¥µÄÇé¿öϽ«È¨ÏÞÌáÉýµ½root£¬£¬Ä¿Ç°ÕâЩ·ì϶µÄ¼¼Êõϸ½ÚÒѹ«¿ª£¬£¬ÏêÇéÈçÏ£º£º

CVE-2024-48990£º£ºNeedrestart ʹÓôÓÕýÔÚÔËÐеĹý³ÌÖÐÌáÈ¡µÄ PYTHONPATH »·¾³±äÁ¿Ö´ÐÐ Python Ú¹ÊÍÆ÷£¬£¬ÈôÊDZ¾µØ¹¥»÷Õß½ÚÖƸñäÁ¿£¬£¬Äܹ»Í¨¹ýÖ²Èë¶ñÒâ¹²Ïí¿âÔÚ Python ³õʼ»¯ÆÚ¼äÒÔ root Éí·ÝÖ´ÐÐËÁÒâ´úÂë¡£¡£¡£¡£

CVE-2024-48992£º£ºneedrestart ʹÓÃµÄ Ruby Ú¹ÊÍÆ÷ÔÚ´¦Öù¥»÷Õß½ÚÖÆµÄ RUBYLIB »·¾³±äÁ¿Ê±´æÔÚ·ì϶£¬£¬ÔÊÐí±¾µØ¹¥»÷Õßͨ¹ýÏò¹ý³Ì×¢Èë¶ñÒâ¿âÒÔ root Éí·ÝÖ´ÐÐËÁÒâ Ruby ´úÂë¡£¡£¡£¡£

CVE-2024-48991£º£ºneedrestart ÖеľºÕùÇ°Ìá·ì϶ÔÊÐí±¾µØ¹¥»÷ÕßÓöñÒâ¿ÉÖ´ÐÐÎļþ´úÌæÕýÔÚÑéÖ¤µÄ Python Ú¹ÊÍÆ÷¶þ½øÖÆÎļþ£¬£¬ÓÕÆ­ needrestartÔËÐÐÆäα Python Ú¹ÊÍÆ÷£¬£¬´Ó¶øÒÔ root Éí·ÝÖ´ÐÐËÁÒâ´úÂë¡£¡£¡£¡£

CVE-2024-10224/ CVE-2024-11003£º£ºModule::ScanDeps Perl Ä£¿£¿£¿éÓÃÓÚ·ÖÎöÒÀÀµ¹Øϵ£¬£¬ËüÔÊÐíÓû§Í¨¹ý open() ŲÓÃÍⲿÎļþ»òÖ´ÐкÅÁ£¬ÓÉÓÚËü¶ÔÊäÈë²»×ãÑϸñÑéÖ¤£¬£¬¹¥»÷ÕßÄܹ»Ìṩ¶ñÒâÊäÈ룺£ºÊ¹ÓùܵÀ·ûºÅ£¨ÀýÈ罫¡°commands|¡±×÷ΪÎļþÃû´«µÝ£©£¬£¬»ò½«ËÁÒâ×Ö·û´®´«µÝ¸ø À´ÔËÐÐËÁÒâ shell ºÅÁî»òPerl´úÂë¡£¡£¡£¡£ÔÚ CVE-2024-11003 ÖУ¬£¬needrestart ʹÓà Module::ScanDeps À´·ÖÎöÒÀÀµÎļþ£¬£¬ÈôÊÇ needrestart ÔÚÒÔ root ȨÏÞÔËÐÐʱ£¬£¬ÃýÎóµØ½«Óû§¿É¿ØµÄÊäÈ루ÀýÈçÎļþÃû£©´«µÝ¸ø Module::ScanDeps£¬£¬¾Í»áÒÔ root ÌØȨ´¥·¢ CVE-2024-10224·ì϶¡£¡£¡£¡£

 

¶þ¡¢Ó°ÏìÁìÓò

ÊÜÓ°Ïì°ü°æ±¾

0.8 <= needrestart < 3.8

ÊÜÓ°ÏìUbuntu¿¯Ðаæ

ÊÜÓ°ÏìUbuntu°æ±¾

ÊÜÓ°Ïì°üÃû

ÊÜÓ°Ïì°ü°æ±¾

Xenial (16.04)

needrestart

<= 2.6-1

libmodule-scandeps-perl

<= 1.20-1

Bionic (18.04)

needrestart

<= 3.1-1ubuntu0.1

libmodule-scandeps-perl

<= 1.24-1

Focal (20.04)

needrestart

<= 3.4-6ubuntu0.1

libmodule-scandeps-perl

<= 1.27-1

Jammy (22.04)

needrestart

<= 3.5-5ubuntu2.1

libmodule-scandeps-perl

<= 1.31-1

Noble (24.04)

needrestart

<= 3.6-7ubuntu4.1

libmodule-scandeps-perl

<= 1.35-1

Oracular (24.10)

needrestart

<= 3.6-8ubuntu4

libmodule-scandeps-perl

< 1.35-1

×¢£º£ºJammy¡¢Noble ºÍ Oracular °æ±¾ÖÐneedrestart °üÊÇĬÈÏ×°Öõģ¬£¬Òò¶øÕâЩ°æ±¾µÄ·þÎñÆ÷×°ÖûáÊܵ½Ó°Ïì¡£¡£¡£¡£Ö»ÓÐÊÖ¶¯×°ÖÃÁË needrestart ºó£¬£¬Jammy ֮ǰµÄ×ÀÃæ×°ÖúÍĬÈÏ Ubuntu Server ×°ÖòŻáÊܵ½Ó°Ïì¡£¡£¡£¡£


Èý¡¢°²È«´ëÊ©

3.1 Éý¼¶°æ±¾

Ä¿Ç°ÕâЩ·ì϶ÒѾ­ÐÞ¸´£¬£¬ÊÜÓ°ÏìÓû§¿É½«needrestart°ü¸üе½3.8»ò¸ü¸ß°æ±¾£¬£¬UbuntuÓû§¿É½«ÊÜÓ°Ïì°üÉý¼¶µ½ÒÔÏÂÏàÓ¦°æ±¾£º£º

Ubuntu¿¯Ðаæ

ÐÞ¸´°ü°æ±¾

×¢Ã÷

Ubuntu 24.10

libmodule-scandeps-perl - 1.35-1ubuntu0.24.10.1

needrestart - 3.6-8ubuntu4.2

/

Ubuntu 24.04

libmodule-scandeps-perl - 1.35-1ubuntu0.24.04.1

needrestart - 3.6-7ubuntu4.3

/

Ubuntu 22.04

libmodule-scandeps-perl - 1.31-1ubuntu0.1

needrestart - 3.5-5ubuntu2.2

/

Ubuntu 20.04

libmodule-scandeps-perl - 1.27-1ubuntu0.1~esm1

needrestart - 3.4-6ubuntu0.1+esm1

ºÏÓÃÓÚUbuntu Pro

Ubuntu 18.04

libmodule-scandeps-perl - 1.24-1ubuntu0.1~esm1

needrestart - 3.1-1ubuntu0.1+esm1

ºÏÓÃÓÚUbuntu Pro

Ubuntu 16.04

libmodule-scandeps-perl - 1.20-1ubuntu0.1~esm1

needrestart - 2.6-1ubuntu0.1~esm1

ºÏÓÃÓÚUbuntu Pro

 

3.2 һʱ´ëÊ©

1.UbuntuϵͳÉϲ鳭ÊÇ·ñÊܵ½ÕâЩ·ì϶ӰÏì¡£¡£¡£¡£

ÔÚϵͳÉÏÔËÐÐÒÔϺÅÁî²¢½«ÁгöµÄ°æ±¾ÓëÉϱí½øÐбÈÁ¦£º£º

apt list --installed | grep "^\(needrestart\|libmodule-scandeps-perl\)"

2.ÐÞ¸´´ëÊ©¡£¡£¡£¡£

½¨ÒéÉý¼¶ËùÓÐÈí¼þ°ü£º£º

sudo apt update && sudo apt upgrade

ÈôÊDz»ÄÜÖ´Ðд˲Ù×÷£¬£¬Äܹ»Õë¶ÔÊÜÓ°ÏìµÄ×é¼þ½øÐÐÒÔϲÙ×÷£º£º

sudo apt update && sudo apt install --only-upgrade needrestart libmodule-scandeps-perl

unattended-upgradesÖ°ÄÜÔÚUbuntu 16.04 LTS ¼°¸ü¸ß°æ±¾ÖÐĬÈÏÆôÓ㬣¬ÈôÊÇÆôÓôËÖ°ÄÜ£¬£¬ÉÏÊö²¹¶¡½«ÔÚ¿ÉÓúó 24 СʱÄÚ×Ô¶¯ÀûÓᣡ£¡£¡£

3.»º½â´ëÊ©¡£¡£¡£¡£

Åú¸Ä/etc/needrestart/needrestart.conf ÎļþÒÔ½ûÓÃÚ¹ÊÍÆ÷ɨÃèÖ°ÄÜ£¬£¬´Ó¶øÔ¤·À·ì϶±»ÀûÓ㺣º

# Disable interpreter scanners.

$nrconf{interpscan} = 0;

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¡£¬£¬Ï÷¼õϵͳ·ì϶£¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¡£¡£¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÖÆ£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬¹Ø±Õ·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£¡£¡£¡£

l  ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¡£¡£¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÖƺÍ×îСȨÏÞ×¼Ôò£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£¡£¡£¡£

3.4 ²Î¿¼Á´½Ó

https://ubuntu.com/blog/needrestart-local-privilege-escalation

https://ubuntu.com/security/notices/USN-7117-1

https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2024-11-21

³õ´Î°ä²¼


 

Îå¡¢¸½Â¼

5.1 OG¶«·½Ìü¼ò½é

OG¶«·½Ìü³ÉÁ¢ÓÚ1996Ä꣬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢Õ¼ÓÐÆëÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢°²È«¸ß¿Æ¼¼ÆóÒµ¡£¡£¡£¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢°²È«²úÆ·¡¢°²È«·þÎñ½â¾ö¹æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°OG¶«·½Ìü´óÏ㬣¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£¡£¡£¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬Õ¼Óи²¸ÇÈ«¹úµÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍ¼¼ÊõÖ§³Öϵͳ¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÀö½­ÖÐС°å¹ÒÅÆÉÏÊС£¡£¡£¡££¨¹ÉƱ´úÂ룺£º002439£©

¶àÄêÀ´£¬£¬OG¶«·½ÌüÖÂÁ¦ÓÚÌṩӵÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´Ðµİ²È«²úÆ·ºÍ×î¼Ñʵ¼Ê·þÎñ£¬£¬Ô®ÊÖ¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄ°²È«ÐԺͳö²úЧÁ¦£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢°²È«²úÒµÁì¾üÆ·Åƶø²»Ð¸ÖÂÁ¦¡£¡£¡£¡£

5.2 ¹ØÓÚOG¶«·½Ìü

OG¶«·½Ìü°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑ°ä²¼1000¶à¸ö·ì϶¹«¸æ΢·çÏÕÔ¤¾¯£¬£¬ÎÒÃǽ«³ÖÐø¸ú×ÙÈ«Çò×îеÄÍøÂ簲ȫÊÂÎñºÍ·ì϶£¬£¬ÎªÆóÒµµÄÐÅÏ¢°²È«±£¼Ý»¤º½¡£¡£¡£¡£

¹Ø×¢ÎÒÃÇ£º£º

image.png