Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-48990 PoC — needrestart 安全漏洞

Source
https://github.com/NullByte-7w7/CVE-2024-48990
Associated Vulnerability
Title:needrestart 安全漏洞 (CVE-2024-48990)
Description:Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Readme
# CVE-2024-48990

# introdution

This vulnerability takes advantage of the way in which needrestart manages the environment variable, to be more precise, PYTHONPATH can be hijacked by modifying the PYTHONPATH variable to a directory that contains a malicious library, thus executing and gaining access, we can have suid problems in some directories, so define in evil.c the following structure "sudo mount -o remount,suid /tmp" so we will be able to obtain root when executing /tmp/nullbyte -p.


# Execution Exploit

```bash
PYTHONPATH=/tmp python3 get_root.py
```
now, wait sysadmin update system or execute needrestart version 3.7, remember target need have version 3.7 needrestart
File Snapshot

 [4.0K]  /data/pocs/36ecab3a63bde71bc4ce5d85f0dbf8b32f00a6cc
├── [ 290]  evil.c
├── [ 723]  get_root.py
└── [ 685]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →