关联漏洞
标题:
needrestart 安全漏洞
(CVE-2024-48990)
描述:needrestart是liske个人开发者的一款用于检查升级后需要重新启动哪些守护进程的工具。 needrestart 3.8之前版本存在安全漏洞,该漏洞源于允许本地攻击者通过诱骗needrestart使用攻击者控制的PYTHONPATH环境变量运行Python解释器,并以root身份执行任意代码。
描述
Needrestart, prior to version 3.8, contains a vulnerability that allows local attackers to execute arbitrary code with root privileges. This is achieved by manipulating the PYTHONPATH environment variable to trick needrestart into running the Python interpreter in an unsafe context.
介绍
## Proof of Concept (PoC) for CVE-2024-48990 in `needrestart`
**CVE-2024-48990**: Linux Local Privilege Escalation (LPE) via `needrestart`
- **Patched**: Nov 19, 2024
- **More Information**: [Qualys Advisory](https://www.qualys.com/2024/11/19/needrestart/needrestart.txt)
---
## How to Use?
1. Run the script `./start.sh`.
- This will compile a malicious `importlib` library.
- It will then start a Python script (`e.py`) that sets up a listener and waits for `needrestart` to be executed by the `root` user.
2. When `needrestart` is triggered (typically by an update like `apt upgrade`), it will load the fake library and execute the payload.
3. Upon successful execution, a shell will be opened.
---
文件快照
[4.0K] /data/pocs/6d85eaf0a6a79f1fa4c60a5696aae7de4c587d86
├── [ 323] e.py
├── [ 553] lib.c
├── [ 716] README.md
└── [ 241] start.sh
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。