CVE-2024-10224

Published Nov 19, 2024

Last updated 4 days ago

CVSS medium 5.3

Overview

Description
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Source
security@ubuntu.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.3
Impact score
3.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

3

  1. Got nerd sniped today by @qualys's 5 Linux LPE 0days https://t.co/HC3UQqDRAP Did a PoC for CVE-2024-10224 https://t.co/G4QvRcZXHz

    @rtfmkiesel

    21 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Canonical’s security team has released updates for the needrestart and libmodule-scandeps-perl packages for all Ubuntu releases. The updates remediate CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991 and CVE-2024-48992. Learn more on the blog https://t.co/vjtSFyCpCK

    @ubuntu

    21 Nov 2024

    6943 Impressions

    15 Retweets

    74 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  3. Great catch(es) with CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 by @qualys in “needrestart” v0.8 in Ubuntu Linux 21.04. Needrestart v3.8 patches all five. Released yesterday. Full text of the Qualys advisory at https://t.co/Jl3HFVKjQw

    @Sujeet

    20 Nov 2024

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-10224 Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell c… https://t.co/kZO6hznMZu

    @CVEnew

    20 Nov 2024

    201 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Was going to let that just be a tweet but it turned into a full blown blogpost - Servers NeedRestart - The Problem with CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 https://t.co/TBrlK4XeBb

    @nanovms

    20 Nov 2024

    189 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-48990 CVE-2024-48991 CVE-2024-48992 CVE-2024-10224 and CVE-2024-11003 - all probably affecting your ubuntu servers - this is a perfect example of why you should be using unikernels - WTF would you allow some perl to run as root if you yourself don't code in perl? https:

    @nanovms

    19 Nov 2024

    293 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    1 Quote

References