Exploitation Summary
EIP tracks 22 public exploits for CVE-2024-48990.
PoCs published by makuga01, pentestfunctions, Serner77, including Metasploit module exploits/linux/local/ubuntu_needrestart_lpe.
AI-analyzed exploit summary
This PoC exploits CVE-2024-48990 in `needrestart` by hijacking Python's importlib via a malicious shared library. The exploit waits for `needrestart` to be executed by root, then spawns a privileged shell via a constructor in the fake library.
Description
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Exploits (22)
This PoC exploits CVE-2024-48990 in `needrestart` by hijacking Python's importlib via a malicious shared library. The exploit waits for `needrestart` to be executed by root, then spawns a privileged shell via a constructor in the fake library.
This repository contains a functional PoC for CVE-2024-48990, exploiting a vulnerability in the `needrestart` program where improper Python path handling allows privilege escalation via a malicious shared library. The PoC demonstrates how an attacker can gain root privileges by manipulating Python's import mechanism.
This repository contains a functional exploit for CVE-2024-48990, a privilege escalation vulnerability in `needrestart` version 3.7. The exploit leverages insecure handling of the `PYTHONPATH` environment variable to execute arbitrary code as root by serving a malicious shared object via an HTTP server and triggering its execution through `needrestart`.
This repository contains a functional privilege escalation exploit for CVE-2024-48990 in Needrestart 3.7-3. It leverages improper input handling to execute arbitrary code with elevated privileges via a malicious shared object loaded by Needrestart.
This repository contains a functional privilege escalation exploit for CVE-2024-48990 in Needrestart 3.7-3. It leverages improper input handling to execute arbitrary code with elevated privileges via a malicious shared object loaded by Needrestart.
This exploit leverages Python's import system to execute arbitrary code when a privileged process (e.g., `sudo apt install`) runs with a manipulated `PYTHONPATH`. The `__init__.py` file contains a reverse shell payload that connects to 127.0.0.1:1337, demonstrating RCE under elevated privileges.
This repository contains a functional exploit for CVE-2024-48990, a local privilege escalation vulnerability in needrestart < 3.8. The exploit leverages a shared library injection via PYTHONPATH to execute arbitrary commands as root, specifically modifying /etc/passwd to add a root user.
This repository contains a functional local privilege escalation exploit for CVE-2024-48990, which abuses the `-c` configuration option in `needrestart` to execute arbitrary Perl code as root. The exploit creates a SUID-root shell at `/tmp/bash` by leveraging the privileged context in which `needrestart` executes configuration files.
This PoC exploits a vulnerability in needrestart by leveraging Python's import mechanism to load a malicious shared object file, resulting in privilege escalation to root. The script creates a fake __init__.so file with a constructor that copies bash to /tmp/ribbit and sets the SUID bit, then waits for needrestart to execute with root permissions.
This repository contains a functional exploit for CVE-2024-48990, a privilege escalation vulnerability in needrestart. The exploit leverages Python's importlib to execute a reverse shell when needrestart is run with sudo.
This repository contains a functional proof-of-concept exploit for CVE-2024-48990, a local privilege escalation vulnerability in needrestart before version 3.8. The exploit manipulates the PYTHONPATH environment variable to execute arbitrary code as root via a malicious importlib module.
This repository contains a functional exploit for CVE-2024-48990, leveraging Python's importlib hijacking to execute a malicious shared object (exp.so) with root privileges. The exploit creates a SUID shell and modifies sudoers for persistence.
This repository contains a functional exploit for CVE-2024-48990, a local privilege escalation vulnerability in the `needrestart` utility. The exploit leverages insecure handling of the PYTHONPATH environment variable to execute arbitrary code with root privileges when `needrestart` scans running processes.
This repository contains a functional privilege escalation exploit for CVE-2024-48990, leveraging PYTHONPATH hijacking in needrestart version 3.7 to execute arbitrary code as root via a malicious shared library.
This repository contains a functional privilege escalation exploit for CVE-2024-48990, leveraging PYTHONPATH hijacking to execute malicious code via the `needrestart` utility. The exploit creates a malicious `importlib` module that, when loaded by a privileged process, copies a SUID root shell to `/tmp/poc`.
This repository contains a functional local privilege escalation exploit for CVE-2024-48990, targeting needrestart versions < 3.8 on Ubuntu/Debian systems. The exploit leverages PYTHONPATH injection to execute arbitrary code as root when needrestart scans Python processes.
This repository contains a functional exploit for CVE-2024-48990, which leverages a Python environment variable manipulation in needrestart to achieve local privilege escalation. The exploit involves a malicious shared library loaded via PYTHONPATH, leading to arbitrary code execution as root.
This repository contains a functional privilege escalation exploit for CVE-2024-48990, targeting needrestart versions prior to 3.8. The exploit manipulates the PYTHONPATH environment variable to execute malicious code with root privileges when needrestart is run.
This repository contains a functional exploit for CVE-2024-48990, a local privilege escalation vulnerability in needrestart < 3.8. The exploit leverages PYTHONPATH injection to execute malicious code as root when needrestart scans processes.
The writeup details CVE-2024-48990, a vulnerability in needrestart where an attacker-controlled PYTHONPATH environment variable allows arbitrary code execution as root. The analysis includes specific code snippets and explains the exploitation mechanism.
This exploit leverages a Python library hijacking technique to escalate privileges by injecting a malicious shared library into the Python import path, which then sets SUID permissions on a root shell binary when executed with root privileges.
This Metasploit module exploits CVE-2024-48990, a local privilege escalation vulnerability in Ubuntu's needrestart utility. It leverages an attacker-controlled PYTHONPATH environment variable to execute arbitrary code as root.
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H