关联漏洞
标题:
needrestart 安全漏洞
(CVE-2024-48990)
描述:needrestart是liske个人开发者的一款用于检查升级后需要重新启动哪些守护进程的工具。 needrestart 3.8之前版本存在安全漏洞,该漏洞源于允许本地攻击者通过诱骗needrestart使用攻击者控制的PYTHONPATH环境变量运行Python解释器,并以root身份执行任意代码。
描述
My take on the needrestart Python CVE-2024-48990
介绍
This simple shell script should create all the required file for this vulnerability to work.
First it creates a randomly generated temporary file that will be used to compile the fake \_\_init\_\_.so file
When the vulnerability is triggered. This file will execute and copy the bash binary to /tmp/ribbit and set the SUID bit.
Next It creates the importlib directory in the current working directory
It then compiles the temporary file created into \_\_init\_\_.so and puts it into the newly created directory
Lastly it creates another randomly named temporary python file that sleeps and waits for the vulnerability to trigger. Once triggered it will execute the SUID set bash binary resulting in a root shell.
Once the python script is started. needrestart needs to execute with root permissions. This is typically done when apt-get is used.
文件快照
[4.0K] /data/pocs/8f26c792573718b08e95557929e4c1ae7f406a03
├── [1.6K] privesc.sh
└── [ 846] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。