Showing 1 - 2 of 2

CVE-2024-48990

Debian Security Advisory 5815-1: Posted Nov 20, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).; tags | advisory, arbitrary, local, root, perl, vulnerability, python, ruby; systems | linux, debian; advisories | CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992; SHA-256 | 5e41b21d2bd83511831c10a278bb8fee7846b092ba4f682ead33f207de7216f3; Download | Favorite | View

Ubuntu Security Notice USN-7117-1: Posted Nov 20, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 7117-1 - Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed perl code. This could allow a local attacker to execute arbitrary shell commands.; tags | advisory, arbitrary, shell, local, root, perl; systems | linux, ubuntu; advisories | CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992; SHA-256 | 243f9908492121d33be291aab7ae169001482e1d128c0417a2f83b5ed1d56c6e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days