nomisec
WORKING POC
106 stars
by makuga01 · poc
https://github.com/makuga01/CVE-2024-48990-PoC
This PoC exploits CVE-2024-48990 in `needrestart` by hijacking Python's importlib via a malicious shared library. The exploit waits for `needrestart` to be executed by root, then spawns a privileged shell via a constructor in the fake library.
Classification
Working Poc 95%
Target:
needrestart (version not specified)
No auth needed
Prerequisites:
Root execution of `needrestart` · Python environment with importlib · Write access to a directory in PYTHONPATH
nomisec
WORKING POC
25 stars
by pentestfunctions · poc
https://github.com/pentestfunctions/CVE-2024-48990-PoC-Testing
This repository contains a functional PoC for CVE-2024-48990, exploiting a vulnerability in the `needrestart` program where improper Python path handling allows privilege escalation via a malicious shared library. The PoC demonstrates how an attacker can gain root privileges by manipulating Python's import mechanism.
Classification
Working Poc 95%
Target:
needrestart (version 3.7-3)
Auth required
Prerequisites:
Linux-based system (Ubuntu/Debian) · needrestart package installed · Python 3.x · Sudo access to trigger package installation
nomisec
WORKING POC
8 stars
by Serner77 · poc
https://github.com/Serner77/CVE-2024-48990-Automatic-Exploit
This repository contains a functional exploit for CVE-2024-48990, a privilege escalation vulnerability in `needrestart` version 3.7. The exploit leverages insecure handling of the `PYTHONPATH` environment variable to execute arbitrary code as root by serving a malicious shared object via an HTTP server and triggering its execution through `needrestart`.
Classification
Working Poc 100%
Target:
needrestart version 3.7
Auth required
Prerequisites:
SSH access to the target · gcc on the attacker machine · Python 3 and curl on the target · Vulnerable version of needrestart (v3.7) · Non-root user with sudo NOPASSWD rights for /usr/sbin/needrestart
nomisec
WORKING POC
5 stars
by ten-ops · poc
https://github.com/ten-ops/CVE-2024-48990_needrestart
This repository contains a functional privilege escalation exploit for CVE-2024-48990 in Needrestart 3.7-3. It leverages improper input handling to execute arbitrary code with elevated privileges via a malicious shared object loaded by Needrestart.
Classification
Working Poc 95%
Target:
Needrestart 3.7-3
Auth required
Prerequisites:
Access to a system with Needrestart 3.7-3 installed · Ability to write to /tmp/attacker/importlib/ · Sudo access to execute 'needrestart -r a'
nomisec
WORKING POC
5 stars
by ns989 · poc
https://github.com/ns989/CVE-2024-48990
This repository contains a functional exploit for CVE-2024-48990, a local privilege escalation vulnerability in needrestart < 3.8. The exploit leverages a shared library injection via PYTHONPATH to execute arbitrary commands as root, specifically modifying /etc/passwd to add a root user.
Classification
Working Poc 95%
Target:
needrestart < 3.8
No auth needed
Prerequisites:
Local access to the system · needrestart < 3.8 installed · Python process with specific conditions
nomisec
WORKING POC
5 stars
by ally-petitt · poc
https://github.com/ally-petitt/CVE-2024-48990-Exploit
This exploit leverages Python's import system to execute arbitrary code when a privileged process (e.g., `sudo apt install`) runs with a manipulated `PYTHONPATH`. The `__init__.py` file contains a reverse shell payload that connects to 127.0.0.1:1337, demonstrating RCE under elevated privileges.
Classification
Working Poc 95%
Target:
Python (specific version not specified, but likely affects systems using Python's import mechanism)
No auth needed
Prerequisites:
Attacker-controlled directory in PYTHONPATH · Privileged process execution (e.g., sudo apt install)
nomisec
WORKING POC
5 stars
by czeti · poc
https://github.com/czeti/CVE-2024-48990_needrestart
This repository contains a functional privilege escalation exploit for CVE-2024-48990 in Needrestart 3.7-3. It leverages improper input handling to execute arbitrary code with elevated privileges via a malicious shared object loaded by Needrestart.
Classification
Working Poc 95%
Target:
Needrestart 3.7-3
Auth required
Prerequisites:
Access to a system with Needrestart 3.7-3 installed · Ability to write to /tmp/attacker/importlib/ · Sudo privileges to execute 'needrestart -r a'
nomisec
WORKING POC
2 stars
by tahsinunluturk · poc
https://github.com/tahsinunluturk/needrestart-privesc-cve-2024-48990
This repository contains a functional local privilege escalation exploit for CVE-2024-48990, which abuses the `-c` configuration option in `needrestart` to execute arbitrary Perl code as root. The exploit creates a SUID-root shell at `/tmp/bash` by leveraging the privileged context in which `needrestart` executes configuration files.
Classification
Working Poc 100%
Target:
needrestart (version not specified)
Auth required
Prerequisites:
User must have sudo access to execute `needrestart` · `needrestart` must be installed on the target system
nomisec
WORKING POC
2 stars
by Cyb3rFr0g · poc
https://github.com/Cyb3rFr0g/CVE-2024-48990-PoC
This PoC exploits a vulnerability in needrestart by leveraging Python's import mechanism to load a malicious shared object file, resulting in privilege escalation to root. The script creates a fake __init__.so file with a constructor that copies bash to /tmp/ribbit and sets the SUID bit, then waits for needrestart to execute with root permissions.
Classification
Working Poc 95%
Target:
needrestart (version not specified)
No auth needed
Prerequisites:
gcc · Python 3 · needrestart installed · apt-get or similar triggering needrestart with root permissions
nomisec
WORKING POC
1 star
by sobbing333 · poc
https://github.com/sobbing333/CVE-2024-48990-POC
This repository contains a functional exploit for CVE-2024-48990, a privilege escalation vulnerability in needrestart. The exploit leverages Python's importlib to execute a reverse shell when needrestart is run with sudo.
Classification
Working Poc 95%
Target:
needrestart
Auth required
Prerequisites:
sudo access to needrestart · Python3 installed on the target system
nomisec
WORKING POC
1 star
by o-sec · poc
https://github.com/o-sec/CVE-2024-48990
This repository contains a functional proof-of-concept exploit for CVE-2024-48990, a local privilege escalation vulnerability in needrestart before version 3.8. The exploit manipulates the PYTHONPATH environment variable to execute arbitrary code as root via a malicious importlib module.
Classification
Working Poc 95%
Target:
needrestart < 3.8
No auth needed
Prerequisites:
Local access to the target system · needrestart service running
nomisec
WORKING POC
1 star
by Mr-DJ · poc
https://github.com/Mr-DJ/CVE-2024-48990
This repository contains a functional exploit for CVE-2024-48990, a local privilege escalation vulnerability in the `needrestart` utility. The exploit leverages insecure handling of the PYTHONPATH environment variable to execute arbitrary code with root privileges when `needrestart` scans running processes.
Classification
Working Poc 95%
Target:
needrestart < 3.8
No auth needed
Prerequisites:
Local access to the target system · Presence of the vulnerable `needrestart` utility · Ability to execute Python scripts
nomisec
WORKING POC
1 star
by NullByte-7w7 · poc
https://github.com/NullByte-7w7/CVE-2024-48990
This repository contains a functional privilege escalation exploit for CVE-2024-48990, leveraging PYTHONPATH hijacking in needrestart version 3.7 to execute arbitrary code as root via a malicious shared library.
Classification
Working Poc 95%
Target:
needrestart version 3.7
No auth needed
Prerequisites:
Target system must have needrestart version 3.7 installed · Attacker must have write access to /tmp directory · Target system must execute needrestart (e.g., during system updates)
nomisec
WORKING POC
1 star
by 0x3bs · poc
https://github.com/0x3bs/CVE-2024-48990
This repository contains a functional exploit for CVE-2024-48990, leveraging Python's importlib hijacking to execute a malicious shared object (exp.so) with root privileges. The exploit creates a SUID shell and modifies sudoers for persistence.
Classification
Working Poc 95%
Target:
needrestart (specific version not specified)
No auth needed
Prerequisites:
Access to victim machine to place files in /tmp · needrestart must be installed and executable
nomisec
WORKING POC
by Loaxert · poc
https://github.com/Loaxert/CVE-2024-48990-PoC
This repository contains a functional privilege escalation exploit for CVE-2024-48990, targeting needrestart versions prior to 3.8. The exploit manipulates the PYTHONPATH environment variable to execute malicious code with root privileges when needrestart is run.
Classification
Working Poc 95%
Target:
needrestart < 3.8
No auth needed
Prerequisites:
Local access to the victim machine · needrestart < 3.8 installed · Python interpreter available
nomisec
WORKING POC
by felmoltor · poc
https://github.com/felmoltor/CVE-2024-48990
This exploit leverages a Python library hijacking technique to escalate privileges by injecting a malicious shared library into the Python import path, which then sets SUID permissions on a root shell binary when executed with root privileges.
Classification
Working Poc 95%
Target:
Systems with Python 3.12 and vulnerable to library hijacking (e.g., needrestart or similar tools)
No auth needed
Prerequisites:
Python 3.12 installed · Write access to a directory in PYTHONPATH · A process running as root that imports the hijacked library
nomisec
WORKING POC
by BLUEBERRYP1LL · poc
https://github.com/BLUEBERRYP1LL/CVE-2024-48990
This repository contains a functional local privilege escalation exploit for CVE-2024-48990, targeting needrestart versions < 3.8 on Ubuntu/Debian systems. The exploit leverages PYTHONPATH injection to execute arbitrary code as root when needrestart scans Python processes.
Classification
Working Poc 100%
Target:
needrestart < 3.8
No auth needed
Prerequisites:
Unprivileged local access · needrestart < 3.8 installed · Python process execution capability
nomisec
WRITEUP
by CyberCrowCC · poc
https://github.com/CyberCrowCC/CVE-2024-48990
The writeup details CVE-2024-48990, a vulnerability in needrestart where an attacker-controlled PYTHONPATH environment variable allows arbitrary code execution as root. The analysis includes specific code snippets and explains the exploitation mechanism.
Classification
Writeup 90%
Target:
needrestart
No auth needed
Prerequisites:
Local access to a Python process controlled by the attacker
nomisec
WORKING POC
by mladicstefan · poc
https://github.com/mladicstefan/CVE-2024-48990
This repository contains a functional exploit for CVE-2024-48990, a local privilege escalation vulnerability in needrestart < 3.8. The exploit leverages PYTHONPATH injection to execute malicious code as root when needrestart scans processes.
Classification
Working Poc 100%
Target:
needrestart < 3.8
No auth needed
Prerequisites:
Access to a vulnerable system with needrestart < 3.8 installed · Ability to compile C code · Python 3 installed on the target system
nomisec
WORKING POC
by grecosamuel · poc
https://github.com/grecosamuel/CVE-2024-48990
This repository contains a functional exploit for CVE-2024-48990, which leverages a Python environment variable manipulation in needrestart to achieve local privilege escalation. The exploit involves a malicious shared library loaded via PYTHONPATH, leading to arbitrary code execution as root.
Classification
Working Poc 95%
Target:
needrestart < 3.8
Auth required
Prerequisites:
Local access to the victim machine · Ability to execute scripts as a non-root user · needrestart installed and executable via sudo
metasploit
WORKING POC
GREAT
by h00die, makuga01, qualys · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/ubuntu_needrestart_lpe.rb
This Metasploit module exploits CVE-2024-48990, a local privilege escalation vulnerability in Ubuntu's needrestart utility. It leverages an attacker-controlled PYTHONPATH environment variable to execute arbitrary code as root.
Classification
Working Poc 100%
Target:
needrestart on Ubuntu (verified on 22.04 with version 3.5-5ubuntu2.1)
No auth needed
Prerequisites:
Local access to a vulnerable Ubuntu system · needrestart installed and vulnerable