Key information

CVE-2024-48992
CNA: Canonical Ltd.
Published: 2024-11-19
Updated: 2024-11-19

Description:
- Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.

CVSS Score: 7.8 (HIGH)
Severity: HIGH
Version: 3.1
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product: needrestart
Platforms: Linux
Vendor: needrestart
Default Status: unknown
Affected Versions: 0 before 3.8

Credits:
- Qualys (finder)
- Thomas Liske (remediation developer)
- Mark Esler (coordinator)

References:
- https://www.cve.org/CVERecord?id=CVE-2024-48992 (issue-tracking)
- https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f (patch)
- https://www.qualys.com/2024/11/19/needrestart/needrestart.txt (third-party-advisory)

Authorized Data Publishers: CISA-ADP