The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility that checks which daemons need to be restarted after library upgrades. needrestart normally runs as root (for example from its apt hook) and, to decide whether an interpreted process needs a restart, re-executes that process's interpreter with environment variables read from the process itself, so an unprivileged user who starts a process with a crafted environment controls what the root-owned interpreter loads. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally, a local attacker can win a race condition so that needrestart runs a fake Python interpreter (CVE-2024-48991), or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).
Details can be found in the Qualys advisory at https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
https://security-tracker.debian.org/tracker/DSA-5815-1
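The following is an added illustration of the PYTHONPATH issue, not code from needrestart or from the Qualys advisory: a privileged tool re-runs the interpreter with an untrusted process's environment (the vulnerable pattern) beside the same probe run with the interpreter-specific variables scrubbed and CPython's isolated mode (-I). The planted module, the probe string and the helper names are constructed for the demonstration; the scrub list (PYTHON*, RUBYLIB, RUBYOPT) is an assumption about what a scanner should drop, not the project's fix.

```python
"""Added illustration: why re-running an interpreter with an untrusted
process's environment is a root-compromise primitive, and the scrub that
prevents it. Not needrestart's code."""
import os
import subprocess
import sys
import tempfile
from pathlib import Path

MARKER = "HIJACKED"
# Probe a privileged tool might run to inspect the interpreter; "json" is a
# stand-in for whatever stdlib module such a probe imports.
PROBE = "import json; print(json.dumps({'ok': True}))"


def plant_malicious_module(directory: Path) -> Path:
    """Unprivileged step: shadow a stdlib module in a directory the attacker owns.

    Constructed payload: a harmless stub. A real one would run arbitrary code at
    import time, as whichever user launched the interpreter (root, in the CVE).
    """
    module = directory / "json.py"
    module.write_text("def dumps(obj):\n    return %r\n" % MARKER)
    return module


def attacker_environment(directory: Path) -> dict:
    """Environment of the attacker's process, as a privileged scanner would read
    it from /proc/<pid>/environ: ordinary variables plus a planted PYTHONPATH."""
    env = dict(os.environ)
    env["PYTHONPATH"] = str(directory)
    return env


def run_probe_vulnerable(env: dict) -> str:
    """Vulnerable pattern: the interpreter inherits the untrusted environment,
    so PYTHONPATH is honoured and the planted module wins the import."""
    proc = subprocess.run([sys.executable, "-c", PROBE], env=env,
                          capture_output=True, text=True, check=True)
    return proc.stdout.strip()


def scrub_interpreter_environment(env: dict) -> dict:
    """Drop every variable the interpreter consults when deciding what code to
    load (assumed list: all PYTHON* variables plus RUBYLIB and RUBYOPT)."""
    return {k: v for k, v in env.items()
            if not (k.startswith("PYTHON") or k in ("RUBYLIB", "RUBYOPT"))}


def run_probe_hardened(env: dict) -> str:
    """Hardened pattern: scrubbed environment plus isolated mode (-I), which
    makes CPython ignore PYTHON* variables and the current directory."""
    proc = subprocess.run([sys.executable, "-I", "-c", PROBE],
                          env=scrub_interpreter_environment(env),
                          capture_output=True, text=True, check=True)
    return proc.stdout.strip()


def demo() -> tuple:
    """Run both patterns against the same planted environment and return the
    two probe outputs for comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        directory = Path(tmp)
        plant_malicious_module(directory)
        env = attacker_environment(directory)
        return run_probe_vulnerable(env), run_probe_hardened(env)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("inherited env :", vulnerable)   # HIJACKED
    print("scrubbed + -I :", hardened)     # {"ok": true}
```

The first run prints the attacker's marker because PYTHONPATH entries are searched before the standard library; the second prints the real json output. Scrubbing alone is not enough for CVE-2024-48991, where the interpreter path itself (read from /proc/<pid>/exe) is swapped under the scanner: the privileged tool must also avoid executing anything it does not own, or verify the binary it is about to run after resolving it.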

