Needrestart, prior to version 3.8, contains a vulnerability that allows local attackers to execute arbitrary code with root privileges. This is achieved by manipulating the PYTHONPATH environment variable to trick needrestart into running the Python interpreter in an unsafe context.

r0xdeadbeef/CVE-2024-48990

Proof of Concept (PoC) for CVE-2024-48990 in needrestart

CVE-2024-48990: Linux Local Privilege Escalation (LPE) via needrestart


How to Use?

  1. Run the script ./start.sh.
     • This will compile a malicious importlib library.
     • It will then start a Python script (e.py) that sets up a listener and waits for needrestart to be executed by the root user.
  2. When needrestart is triggered (typically by an update like apt upgrade), it will load the fake library and execute the payload.
  3. Upon successful execution, a shell will be opened.
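A defensive check for the condition the steps above depend on, as an added example that is not part of this repository: it reads each process's /proc/<pid>/environ and reports PYTHONPATH directories that contain a module named importlib, the standard-library package the PoC replaces. The function names and the SHADOWED list are assumptions of this example.

```python
import os

SHADOWED = ("importlib",)  # stdlib package the PoC's fake library stands in for


def parse_environ(blob: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE format of /proc/<pid>/environ."""
    env = {}
    for item in blob.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep and key:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def shadowing_entries(pythonpath: str, base: str = "") -> list:
    """Return PYTHONPATH entries whose directory holds a module named like a stdlib package.

    Relative entries are resolved against `base` (the owning process's cwd).
    """
    hits = []
    for entry in filter(None, pythonpath.split(os.pathsep)):
        try:
            names = os.listdir(os.path.join(base, entry))
        except OSError:
            continue  # missing or unreadable directory
        # Matches importlib/, importlib.py, importlib.*.so; not importlib_metadata
        if any(n == m or n.startswith(m + ".") for n in names for m in SHADOWED):
            hits.append(entry)
    return hits


def scan_processes(proc_root: str = "/proc") -> list:
    """List (pid, entry) pairs for live processes whose PYTHONPATH shadows the stdlib."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "environ"), "rb") as fh:
                env = parse_environ(fh.read())
        except OSError:
            continue  # process exited or access denied
        cwd = os.path.join(proc_root, pid, "cwd")
        for entry in shadowing_entries(env.get("PYTHONPATH", ""), cwd):
            findings.append((int(pid), entry))
    return findings


if __name__ == "__main__":
    for pid, entry in scan_processes():
        print(f"pid {pid}: PYTHONPATH entry {entry} shadows a stdlib module")
```

Run it as root so every process's environ is readable. Upgrading needrestart to 3.8 or later removes the underlying flaw.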

