Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Dec 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 19 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Needrestart Project
Needrestart Project needrestart |
|
Weaknesses | CWE-427 | |
CPEs | cpe:2.3:a:needrestart_project:needrestart:-:*:*:*:*:*:*:* | |
Vendors & Products |
Needrestart Project
Needrestart Project needrestart |
|
Metrics |
ssvc
|
Tue, 19 Nov 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: canonical
Published: 2024-11-19T17:38:22.267Z
Updated: 2024-12-03T13:32:42.900Z
Reserved: 2024-10-11T16:13:54.153Z
Link: CVE-2024-48992
Vulnrichment
Updated: 2024-12-03T13:32:42.900Z
NVD
Status : Awaiting Analysis
Published: 2024-11-19T18:15:21.897
Modified: 2024-12-03T14:15:20.850
Link: CVE-2024-48992
Redhat
No data.