漏洞描述
Needrestart使用PYTHONPATH环境变量执行Python解释器,如果本地攻击者控制该变量,可以通过植入恶意共享库,在Python初始化期间以root身份执行任意代码。
Linux needrestart本地提权漏洞(CVE-2024-48990)
PoC代码
暂无相关漏洞推荐
- POC CVE-2023-4911: Looney Tunables Linux - Local Privilege Escalation
- POC CVE-2020-7209: LinuxKI Toolset <= 6.01 - Remote Command Execution
- POC finger-service-enabled: Linux Finger Should Be Disabled
- POC linux-account-lockout-threshold: Linux Account Lockout Threshold Check
- POC linux-anonymous-ftp-enabled: Linux Anonymous FTP Access Enabled
- POC linux-root-remote-login: Linux Root Remote Login Enabled - Misconfig
- POC linux-world-writable-file: Linux World-Writable File Permission
- POC smtp-open-relay: Linux SMTP Open Relay Misconfigured
- POC weak-password-complexity: Linux Password Complexity Not Enforced
- POC linux-lfi-fuzz: Local File Inclusion - Linux
- POC linux-lfi-fuzzing: Linux - Local File Inclusion Fuzzing
- POC generic-linux-lfi: Generic Linux - Local File Inclusion
- POC vmware-vcenter-lfi-linux: Linux Vmware Vcenter - Local File Inclusion