Description
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-48992
- https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f
- https://lists.debian.org/debian-lts-announce/2024/11/msg00014.html
- https://www.cve.org/CVERecord?id=CVE-2024-48992
- https://www.openwall.com/lists/oss-security/2024/11/19/1
- https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
- http://seclists.org/fulldisclosure/2024/Nov/17
Related vulnerabilities
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
Qualys discovered that needrestart, before version 3.8, allows local a ...
A vulnerability in the needrestart utility, caused by an uncontrolled search path element, that allows an attacker to execute arbitrary code in the context of the root user