Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
History

Tue, 03 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
References

Tue, 19 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Needrestart Project
Needrestart Project needrestart
Weaknesses CWE-427
CPEs cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:*
Vendors & Products Needrestart Project
Needrestart Project needrestart
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 19 Nov 2024 18:00:00 +0000

Type Values Removed Values Added
Description Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2024-11-19T17:38:07.238Z

Updated: 2024-12-03T13:31:42.598Z

Reserved: 2024-10-11T16:13:54.153Z

Link: CVE-2024-48990

cve-icon Vulnrichment

Updated: 2024-12-03T13:31:42.598Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-19T18:15:21.530

Modified: 2024-12-03T14:15:20.627

Link: CVE-2024-48990

cve-icon Redhat

No data.