Thomas Liske

3 exploits, active since May 2022
CVE-2022-30688 WRITEUP HIGH
needrestart <3.6 - Privilege Escalation
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
CVSS 7.8
CVE-2024-48991 WRITEUP HIGH
Needrestart < 3.8 - Race Condition
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).
CVSS 7.8
CVE-2024-48992 WRITEUP HIGH
Needrestart < 3.8 - Uncontrolled Search Path
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
CVSS 7.8