Описание
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| needrestart | fixed | 3.7-3.1 | package |
Примечания
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
Fixed by: https://github.com/liske/needrestart/commit/fcc9a4401392231bef4ef5ed026a0d7a275149ab (v3.8)
EPSS
Связанные уязвимости
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Уязвимость утилиты needrestart, связанная с неконтролируемым элементом пути поиска, позволяющая нарушителю выполнить произвольный код в контексте root-пользователя
EPSS