CVE-2024-11003
Linux Debian vulnerability analysis and mitigation

Overview

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Module::ScanDeps) which expects safe input. This vulnerability, identified as CVE-2024-11003, was disclosed on November 19, 2024, and affects the needrestart package, which is installed by default on Ubuntu Server since version 21.04. The vulnerability could allow a local attacker to execute arbitrary shell commands with root privileges (Qualys Report, Ubuntu Blog).

Technical details

The vulnerability stems from needrestart's interaction with the Perl Module::ScanDeps library. When needrestart calls scan_deps() to analyze Perl scripts, it passes potentially attacker-controlled filenames to the library without proper sanitization. This vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high impact potential (NVD).

Impact

The vulnerability allows a local attacker to execute arbitrary shell commands with root privileges. This could lead to complete system compromise, as successful exploitation provides the attacker with full root access to the affected system (Qualys Report).

Mitigation and workarounds

The primary mitigation is to update to needrestart version 3.8 or later, which completely removes the dependency on Module::ScanDeps and uses a simple regex-based approach instead. As a temporary workaround, users can disable the interpreter heuristic in needrestart's config by adding '$nrconf{interpscan} = 0;' to /etc/needrestart/needrestart.conf (Ubuntu Blog, Qualys Report).
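The following POSIX shell script is an added example (not from the advisory, Qualys, or the needrestart project) that checks a host for the two mitigations above: whether the installed upstream version is 3.8 or later, and whether the interpscan workaround is set in /etc/needrestart/needrestart.conf. It assumes dpkg-query is available for the version lookup and that, as in any Perl config, the last assignment to $nrconf{interpscan} wins.

```shell
#!/bin/sh
# Added example: audit a host for the CVE-2024-11003 fix and workaround.

# Read a needrestart.conf on stdin; succeed if the last uncommented
# "$nrconf{interpscan} = N;" assignment sets N to 0 (workaround present).
interpscan_disabled() {
  last=$(grep -E '^[[:space:]]*\$nrconf[{]interpscan[}][[:space:]]*=[[:space:]]*[0-9]+' \
         | sed -E 's/.*=[[:space:]]*([0-9]+).*/\1/' | tail -n 1)
  [ "$last" = "0" ]
}

# Succeed if upstream version $1 (e.g. "3.8-1", "4.0") is >= 3.8.
# Returns 2 if the string is not parseable. Distributions backport fixes
# under their own version strings, so a version below 3.8 only means
# "check the distro advisory", not "definitely vulnerable".
version_fixed_upstream() {
  v=${1%%[-+~]*}                       # drop packaging suffix: "3.8-1" -> "3.8"
  case "$v" in *.*) ;; *) v="$v.0" ;; esac
  major=${v%%.*}
  minor=${v#*.}; minor=${minor%%.*}
  case "$major$minor" in ""|*[!0-9]*) return 2 ;; esac
  if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]; }; then
    return 0
  fi
  return 1
}

# Report for the running host (prints "unknown" where dpkg is unavailable).
installed=$(dpkg-query -W -f='${Version}' needrestart 2>/dev/null || echo unknown)
if [ "$installed" = unknown ]; then
  echo "needrestart: not installed or dpkg unavailable"
else
  if version_fixed_upstream "$installed"; then
    echo "needrestart $installed: upstream >= 3.8 (Module::ScanDeps no longer used)"
  else
    echo "needrestart $installed: below 3.8 upstream; confirm a distro-backported fix"
  fi
  if [ -r /etc/needrestart/needrestart.conf ] \
     && interpscan_disabled < /etc/needrestart/needrestart.conf; then
    echo "workaround present: interpreter heuristic disabled"
  else
    echo "workaround absent: \$nrconf{interpscan} = 0; is not set"
  fi
fi
```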

Community reactions

The vulnerability was handled through a coordinated disclosure process involving multiple parties including needrestart's maintainer (Thomas Liske), Module::ScanDeps's maintainers, and the Ubuntu Security Team. The response has been praised for its thoroughness, with the maintainers not only patching the immediate vulnerability but also completely removing the dependency on the vulnerable component (Qualys Report).

Source: This report was generated using AI.
