CVE-2024-48990 PoC — needrestart security vulnerability

Source
Associated Vulnerability
Title: needrestart security vulnerability (CVE-2024-48990)
Description: Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Description
My take on the needrestart Python CVE-2024-48990
Readme
This simple shell script should create all the files required for this vulnerability to work.

First, it creates a randomly generated temporary file that is used to compile the fake \_\_init\_\_.so file. When the vulnerability is triggered, this file executes, copies the bash binary to /tmp/ribbit and sets the SUID bit.
Next, it creates the importlib directory in the current working directory.
It then compiles the temporary file into \_\_init\_\_.so and puts it into the newly created directory.
Lastly, it creates another randomly named temporary Python file that sleeps and waits for the vulnerability to trigger. Once triggered, it executes the SUID bash binary, resulting in a root shell.

Once the Python script is started, needrestart needs to execute with root permissions. This typically happens when apt-get is used.
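
For defenders, the artifacts this README describes can be hunted for on a host. The following is an added example, not part of the original repository: it flags processes whose PYTHONPATH contains an importlib directory holding a native \_\_init\_\_\*.so, and lists SUID regular files in a directory such as /tmp. The function names are hypothetical, and it assumes the waiting process carries PYTHONPATH in its own environment and that the script runs as root so it can read other users' /proc entries.

```python
import os
import stat
from pathlib import Path

def read_environ(pid_dir):
    """Parse NUL-separated /proc/<pid>/environ; unreadable entries yield {}."""
    try:
        raw = (pid_dir / "environ").read_bytes()
    except OSError:
        return {}
    env = {}
    for item in raw.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def shadowed_importlib_procs(proc_root="/proc"):
    """Return sorted (pid, pythonpath_dir, file) for processes whose PYTHONPATH
    contains an importlib/ directory holding a native __init__*.so."""
    hits = []
    for pid_dir in Path(proc_root).iterdir():
        if not pid_dir.name.isdigit():
            continue
        pythonpath = read_environ(pid_dir).get("PYTHONPATH")
        if not pythonpath:
            continue
        try:
            cwd = os.readlink(pid_dir / "cwd")
        except OSError:
            cwd = "/"
        for entry in pythonpath.split(":"):
            base = Path(cwd, entry)  # relative entries resolve against the cwd
            for planted in base.glob("importlib/__init__*.so"):
                hits.append((int(pid_dir.name), str(base), str(planted)))
    return sorted(hits)

def suid_files(directory="/tmp"):
    """List regular files with the SUID bit directly under `directory`."""
    found = []
    for path in Path(directory).iterdir():
        try:
            mode = path.lstat().st_mode
        except OSError:
            continue
        if stat.S_ISREG(mode) and mode & stat.S_ISUID:
            found.append(str(path))
    return sorted(found)
```

Call `shadowed_importlib_procs()` and `suid_files("/tmp")` with their defaults on a live system. Any hit warrants checking the installed needrestart version against the fixed release, 3.8.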
File Snapshot

[4.0K] /data/pocs/8f26c792573718b08e95557929e4c1ae7f406a03
├── [1.6K] privesc.sh
└── [ 846] README.md

0 directories, 2 files