关联漏洞
标题:
needrestart 安全漏洞
(CVE-2024-48990)
描述:needrestart是liske个人开发者的一款用于检查升级后需要重新启动哪些守护进程的工具。 needrestart 3.8之前版本存在安全漏洞,该漏洞源于允许本地攻击者通过诱骗needrestart使用攻击者控制的PYTHONPATH环境变量运行Python解释器,并以root身份执行任意代码。
描述
Exploit for CVE-2024-48990 - Privilege Escalation in Needrestart 3.7-3. For eductional purposes only
介绍
# CVE-2024-48990 - Needrestart 3.7-3 Privilege Escalation Exploit
## Overview
This repository contains an exploit for CVE-2024-48990, a privilege escalation vulnerability in Needrestart 3.7-3. The exploit leverages improper input handling to execute arbitrary code with elevated privileges.
## Affected Versions
- Needrestart 3.7-3 (Tested on Debian-based systems)
- Other versions may also be vulnerable
## Exploit Details
The exploit consists of:
- `main.asm`: Assembly shellcode used for privilege escalation.
- `listener.sh`: Python-based listener for monitoring exploitation success.
- `Makefile`: Automates the compilation and execution of the exploit.
## Exploitation Steps
### 1. Clone the Repository
```bash
git clone https://github.com/ten-ops/CVE-2024-48990.git
cd CVE-2024-48990
```
### 2. Compile and Execute
```bash
make
```
This will:
- Assemble and link the shellcode.
- Create a malicious shared object (`__init__.so`) inside `/tmp/attacker/importlib/`.
- Execute the `listener.sh` script to monitor the attack.
### 3. Trigger the Exploit
To trigger the exploit, execute the following command:
```bash
sudo needrestart -r a
```
This forces Needrestart to load the malicious shared object, resulting in privilege escalation.
### 4. Verify Exploitation Success
If successful, you should see:
```bash
Root obtained!, clear traces ...
```
---
## Why This Attack is Effective on Multi-User Ubuntu Servers
**1. Needrestart is often executed by administrators when updating or patching the server.**
**2. If the attacker injects the payload before an admin runs needrestart, they gain root without direct sudo access.**
**3. This is known as "privilege escalation by waiting" (time-of-use attack).**
---
## Mitigation
To mitigate this vulnerability:
- **Upgrade Needrestart** to the latest patched version.
- **Restrict execution of untrusted binaries** by enforcing strict sudo policies.
- **Monitor `/tmp/` and `/var/tmp/`** for suspicious activity.
---
## Disclaimer
This exploit is for **educational and research purposes only**. Unauthorized use may violate applicable laws. The author is not responsible for any misuse.
---
## References
- [CVE Details](https://www.cvedetails.com/cve/CVE-2024-48990/)
- [Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48990)
---
### **SEO Optimization Tags:**
**CVE-2024-48990, Needrestart Exploit, Linux Privilege Escalation, Needrestart 3.7-3 Vulnerability, Linux Security, Ethical Hacking, Red Teaming, Root Exploit, Assembly Exploit, Cybersecurity Research**
文件快照
[4.0K] /data/pocs/2f11eb8ffe32f5c50cbbdbdfa3eb337ffe2f79e6
├── [ 11K] LICENSE
├── [ 322] makefile
├── [2.5K] README.md
└── [4.0K] src
├── [ 392] listener.sh
└── [2.0K] main.asm
1 directory, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。